You are here

Home » API reference » Two-factor Authentication (TFA) 8 » TfaBasePlugin.php » TfaBasePlugin

protected function TfaBasePlugin::storeAcceptedCode in Two-factor Authentication (TFA) 8

Store validated code to prevent replay attack.

Parameters

string $code: The validated code.

1 call to TfaBasePlugin::storeAcceptedCode()
TfaRecoveryCode::validateRequest in src/Plugin/TfaValidation/TfaRecoveryCode.php
Simple validate for web services.

File

src/Plugin/TfaBasePlugin.php, line 214

Class

TfaBasePlugin
Base plugin class.

Namespace

Drupal\tfa\Plugin

Code

protected function storeAcceptedCode($code) {
  $code = preg_replace('/\\s+/', '', $code);
  $hash = Crypt::hashBase64(Settings::getHashSalt() . $code);

  // Store the hash made using the code in users_data.
  $store_data = [
    'tfa_accepted_code_' . $hash => \Drupal::time()
      ->getRequestTime(),
  ];
  $this
    ->setUserData('tfa', $store_data, $this->uid, $this->userData);
}