From 860d292df92649bb4de270513bcb0a4c074ad85e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?= <matejbaco2000@gmail.com>
Date: Wed, 10 Apr 2024 14:01:25 +0000
Subject: [PATCH] Fix recovery code removal

---
 app/controllers/api/account.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index ddb85e0d19..ea0141dc85 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -3821,6 +3821,7 @@ App::delete('/v1/account/mfa/authenticators/:type')
             $mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
             if (in_array($otp, $mfaRecoveryCodes)) {
                 $mfaRecoveryCodes = array_diff($mfaRecoveryCodes, [$otp]);
+                $mfaRecoveryCodes = array_values($mfaRecoveryCodes);
                 $user->setAttribute('mfaRecoveryCodes', $mfaRecoveryCodes);
                 $dbForProject->updateDocument('users', $user->getId(), $user);
 
@@ -4069,6 +4070,7 @@ App::put('/v1/account/mfa/challenge')
                 $mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
                 if (in_array($otp, $mfaRecoveryCodes)) {
                     $mfaRecoveryCodes = array_diff($mfaRecoveryCodes, [$otp]);
+                    $mfaRecoveryCodes = array_values($mfaRecoveryCodes);
                     $user->setAttribute('mfaRecoveryCodes', $mfaRecoveryCodes);
                     $dbForProject->updateDocument('users', $user->getId(), $user);