From 5390d844aa7171fb786d7514b4dcc7bcb5567166 Mon Sep 17 00:00:00 2001
From: Clochix <clochix@clochix.net>
Date: Mon, 11 Jul 2016 10:51:50 +0200
Subject: [PATCH] Fix error with 2FA recovery code, refs #292

---
 server/middlewares/authentication.coffee | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/middlewares/authentication.coffee b/server/middlewares/authentication.coffee
index a9a5e5af..0a01550f 100644
--- a/server/middlewares/authentication.coffee
+++ b/server/middlewares/authentication.coffee
@@ -43,12 +43,12 @@ disableRecoveryCode = (user, codes, index, callback) ->
 
 attemptRecoveryCodes = (user, req, res, next) ->
     User.first (err, user) ->
-        codes = JSON.parse(user.encryptedRecoveryCodes)
         if err
             next makeError 401, 'no user found', err
         else if not user.encryptedRecoveryCodes?
             next makeError 401, 'error otp invalid code'
         else
+            codes = JSON.parse(user.encryptedRecoveryCodes)
             index = codes.indexOf(parseInt req.body.authcode)
             if index is -1 # invalid code
                 next makeError 401, 'error otp invalid code'