Require confirmation when generating backup codes

Signed-off-by: Joas Schilling <coding@schilljs.com>

2 files changed, 11 insertions, 4 deletions

diff --git a/apps/twofactor_backupcodes/js/settingsview.js b/apps/twofactor_backupcodes/js/settingsview.js
index 224f5f4797f..76396023120 100644
--- a/apps/twofactor_backupcodes/js/settingsview.js
+++ b/apps/twofactor_backupcodes/js/settingsview.js
@@ -89,6 +89,11 @@
 			}.bind(this));
 		},
 		_onGenerateBackupCodes: function () {
+			if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
+				OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this._onGenerateBackupCodes, this));
+				return;
+			}
+
 			// Hide old codes
 			this._enabled = false;
 			this.render();
diff --git a/apps/twofactor_backupcodes/lib/Controller/SettingsController.php b/apps/twofactor_backupcodes/lib/Controller/SettingsController.php
index fed7634643d..9b0b0fc57ba 100644
--- a/apps/twofactor_backupcodes/lib/Controller/SettingsController.php
+++ b/apps/twofactor_backupcodes/lib/Controller/SettingsController.php
@@ -59,15 +59,17 @@ class SettingsController extends Controller {
 
 	/**
 	 * @NoAdminRequired
+	 * @PasswordConfirmationRequired
+	 *
 	 * @return JSONResponse
 	 */
 	public function createCodes() {
 		$user = $this->userSession->getUser();
 		$codes = $this->storage->createCodes($user);
-		return [
-		    'codes' => $codes,
-		    'state' => $this->storage->getBackupCodesState($user),
-		];
+		return new JSONResponse([
+			'codes' => $codes,
+			'state' => $this->storage->getBackupCodesState($user),
+		]);
 	}
 
 }