From 58956a666a31ac8338dc22f48ed5b9baedf8c1f3 Mon Sep 17 00:00:00 2001
From: Chihiro Adachi <8196725+chihiro-adachi@users.noreply.github.com>
Date: Tue, 19 Mar 2024 17:59:06 +0900
Subject: [PATCH] =?UTF-8?q?=E3=83=90=E3=83=BC=E3=82=B8=E3=83=A7=E3=83=B3?= =?UTF-8?q?=E3=81=A7=E5=88=86=E5=B2=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Controller/CustomerPersonalValidationController.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/Controller/CustomerPersonalValidationController.php b/Controller/CustomerPersonalValidationController.php
index b55b9b6..f41ba4e 100644
--- a/Controller/CustomerPersonalValidationController.php
+++ b/Controller/CustomerPersonalValidationController.php
@@ -13,6 +13,7 @@
 namespace Plugin\TwoFactorAuthCustomer42\Controller;
+use Eccube\Common\Constant;
 use Eccube\Controller\AbstractController;
 use Eccube\Entity\Customer;
 use Eccube\Repository\CustomerRepository;
@@ -237,10 +238,16 @@ private function checkDeviceToken($Customer, $token): bool
 $now = new \DateTime();
 // フォームからのハッシュしたワンタイムパスワードとDBに保存しているワンタイムパスワードのハッシュは一致しているかどうか
- if (
+ if (version_compare(Constant::VERSION, '4.3', '>=') &&
 !$this->customerTwoFactorAuthService->veriyOneTimeToken($Customer->getDeviceAuthOneTimeToken(), $token) ||
 $Customer->getDeviceAuthOneTimeTokenExpire() < $now) {
 return false;
+ } else {
+ if (
+ $Customer->getDeviceAuthOneTimeToken() !== $this->customerTwoFactorAuthService->hashOneTimeToken($token) ||
+ $Customer->getDeviceAuthOneTimeTokenExpire() < $now) {
+ return false;
+ }
 }
 return true;
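Review bot: The `else` branch added in checkDeviceToken is not limited to pre-4.3 installs. Because `&&` binds tighter than `||`, the first condition returns only when 4.3+ verification fails or the token has expired, so a token that passes `veriyOneTimeToken` on 4.3+ still falls through to the `!==` comparison against `hashOneTimeToken($token)`. If that hash is salted on 4.3+ (its body is not visible here), valid device tokens would then be rejected. The new legacy comparison also uses `!==` on a secret digest, where `hash_equals()` would avoid a timing side channel. I would select the matcher by version once and keep a single expiry check, as below; the `(string)` cast guards a null stored token, and the function starts and ends outside this hunk.

```php
// … unchanged: $now = new \DateTime(); …
$tokenMatches = version_compare(Constant::VERSION, '4.3', '>=')
    ? $this->customerTwoFactorAuthService->veriyOneTimeToken($Customer->getDeviceAuthOneTimeToken(), $token)
    : hash_equals(
        (string) $Customer->getDeviceAuthOneTimeToken(),
        $this->customerTwoFactorAuthService->hashOneTimeToken($token)
    );

if (!$tokenMatches || $Customer->getDeviceAuthOneTimeTokenExpire() < $now) {
    return false;
}
// … unchanged: return true; …
```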