Do not give the user the secret.

2025-10-17 01:42:19 +00:00 · 2016-03-19 07:56:57 +01:00
parent a26acf4a25
commit fb165ef28b
4 changed files with 9 additions and 18 deletions
--- a/app/Http/Controllers/PreferencesController.php
+++ b/app/Http/Controllers/PreferencesController.php
@@ -37,10 +37,11 @@ class PreferencesController extends Controller
    {
        $domain = $this->getDomain();
        $secret = $google2fa->generateSecretKey(16, Auth::user()->id);
+        Session::flash('two-factor-secret', $secret);
        $image  = $google2fa->getQRCodeInline('Firefly III at ' . $domain, null, $secret, 150);


-        return view('preferences.code', compact('secret', 'image'));
+        return view('preferences.code', compact('image'));
    }

    /**