Don't store hashed versions of backup codes

* Really no point; secret must be in plain-text and only ever used in conjunction with pass/etc. * Better oputil handling
2019-05-09 20:25:47 -06:00
parent 6070bc94e7
commit 2767f3c4e3
3 changed files with 39 additions and 62 deletions
--- a/core/user_property.js
+++ b/core/user_property.js
@@ -62,6 +62,6 @@ module.exports = {
    AuthFactor1Types                : 'auth_factor1_types',         //  List of User.AuthFactor1Types value(s)
    AuthFactor2OTP                  : 'auth_factor2_otp',           //  If present, OTP type for 2FA
    AuthFactor2OTPSecret            : 'auth_factor2_otp_secret',    //  Secret used in conjunction with OTP 2FA
-    AuthFactor2OTPBackupCodes       : 'auth_factor2_otp_backup',    //  JSON array of backup codes: [{salt,code}, ...]
+    AuthFactor2OTPBackupCodes       : 'auth_factor2_otp_backup',    //  JSON array of backup codes
 };