From a4e16a1095a99a39180d1c1b158c4a3662aafa05 Mon Sep 17 00:00:00 2001
From: peterbolha <xbolha@fi.muni.cz>
Date: Wed, 6 Dec 2023 12:13:00 +0100
Subject: [PATCH] fix: enable backup code checking

---
 lib/Auth/Utils.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/Auth/Utils.php b/lib/Auth/Utils.php
index 35a24c0..adff02f 100644
--- a/lib/Auth/Utils.php
+++ b/lib/Auth/Utils.php
@@ -103,7 +103,7 @@ class Utils
                     self::handlePrivacyIDEAException($e, $state);
                 }
             }
-        } else {
+        } elseif ($formParams['mode'] === 'totp') {
             try {
                 // limit otp validation to totp tokens to prevent incrementing of webauthn failcounter
                 $params["type"] = "totp";
@@ -123,6 +123,13 @@ class Utils
             } catch (\Exception $e) {
                 self::handlePrivacyIDEAException($e, $state);
             }
+        } else {
+            // Backup code validation
+            try {
+                $response = $pi->validateCheck($username, $formParams['otp'], $transactionID);
+            } catch (\Exception $e) {
+                self::handlePrivacyIDEAException($e, $state);
+            }
         }
         $counter = $formParams['loadCounter'];
         $state['privacyidea:privacyidea:ui']['loadCounter'] = $counter + 1;
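Review bot: The new `else` in this hunk is a catch-all, so any `$formParams['mode']` that is not `totp` or the value the earlier branch matches, including a missing or unexpected value from the submitted form, is sent to `validateCheck()` as a backup code. Unlike the TOTP branch, which sets `$params["type"] = "totp"` to avoid incrementing the WebAuthn failcounter, this call carries no type restriction, so a wrong value here may count against the user's other tokens; whether it does depends on server-side policy that is not visible here. Consider matching the backup-code mode explicitly, e.g. `} elseif ($formParams['mode'] === '<backup-code mode value>') {`, with a final `else` that rejects the request without calling the server, and restricting the check to the backup-code token type if the client API allows it. The enclosing method starts and ends outside the hunk.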
-- 
GitLab