From ef8d143f122ceb8d7266d44cad15c0a9cdeb47fa Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Sat, 26 Aug 2017 11:48:34 -0600 Subject: [PATCH] optimizations for 2fa process --- classes/admin.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/classes/admin.php b/classes/admin.php index b92a4604..9159de22 100644 --- a/classes/admin.php +++ b/classes/admin.php @@ -386,8 +386,6 @@ class Admin if ($twofa_admin_enabled && isset($user->twofa_enabled) && $user->twofa_enabled == true) { $twofa = $this->get2FA(); - $twofa->createSecret(); - $secret = isset($user->twofa_secret) ? $user->twofa_secret : null; if (!(isset($data['2fa_code']) && $twofa->verifyCode($secret, $data['2fa_code']))) { return false; @@ -1738,7 +1736,7 @@ class Admin { try { - $user = $this->grav['user']; + $user = clone($this->grav['user']); $twofa = $this->get2FA(); @@ -1751,9 +1749,9 @@ class Admin $image = $twofa->getQRCodeImageAsDataUri($email, $secret); - $user->twofa_secret = $secret; - + $user->twofa_secret = str_replace(' ','',$secret); + unset($user->authenticated); $user->save(); $this->json_response = ['status' => 'success', 'image' => $image, 'secret' => trim(chunk_split($secret, 4, ' '))];
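Review bot: In the login hunk (`@@ -386,8 +386,6 @@`), `$secret` falls back to `null` when the account has `twofa_enabled` set but no stored `twofa_secret`, and that value is passed straight to `$twofa->verifyCode()`. Whether a null or empty secret can ever verify depends on the 2FA library, which is not visible here, so the check should fail closed before the call: `if (!is_string($secret) || $secret === '') { return false; }`. `$data['2fa_code']` appears to come from the login form and would benefit from the same `is_string()` guard. The enclosing method starts and ends outside the hunk.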
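Review bot: In the hunk at `@@ -1738,7 +1736,7 @@`, `clone` is a language construct, so `clone($this->grav['user'])` reads like a function call; `clone $this->grav['user']` is the conventional form. The line also needs a comment saying why a copy is saved rather than the live user object, presumably `// work on a copy so session-only state is not written to the account file` (confirm the intent). PHP's `clone` is shallow, so any object the user holds is still shared with the original. The function body continues outside the hunk.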
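Review bot: In the hunk at `@@ -1751,9 +1749,9 @@`, the new secret is written to the account with `$user->save()` as soon as it is generated, before the user has shown that an authenticator app actually holds it. Any request that reaches this action therefore replaces the working second factor, and a failed QR scan can lock the owner out; keeping the value as pending and promoting it to `twofa_secret` only after one code from the new secret verifies would close that gap. Authorization and nonce checks for this action are not visible in the hunk, so confirm that the caller enforces them. `unset($user->authenticated)` also needs a one-line comment, e.g. `// session flag, must not be persisted to the account file` (presumed intent).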