Ver código fonte

Only show backup codes when looking at the page for yourself

Fixes https://github.com/composer/packagist/pull/1031#discussion_r332589273
Colin O'Dell 5 anos atrás
pai
commit
0b4272099d

+ 3 - 3
src/Packagist/WebBundle/Controller/UserController.php

@@ -285,11 +285,11 @@ class UserController extends Controller
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
             throw new AccessDeniedException('You cannot change this user\'s two-factor authentication settings');
         }
         }
 
 
-        if ($backupCode = $this->get('session')->get('backup_code')) {
-            $this->get('session')->remove('backup_code');
+        if ($user->getId() === $this->getUser()->getId()) {
+            $backupCode = $this->get('session')->remove('backup_code');
         }
         }
 
 
-        return array('user' => $user, 'backup_code' => $backupCode);
+        return array('user' => $user, 'backup_code' => $backupCode ?? null);
     }
     }
 
 
     /**
     /**