Don't accept invalid yubikey tokens
Needs ReviewPublic

Authored by dhoffend on Jan 21 2017, 12:26 AM.

Details

Reviewers
None
Group Reviewers
Roundcube Kolab Plugins Developers
Summary

Don't accept empty/invalid yubikey token input when adding a factor

Test Plan

Use empty yubikey field or token < 12 chars

Diff Detail

Repository
rRPK roundcubemail-plugins-kolab
Branch
fix-yubikey-2fa
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 7869
Build 8091: arc lint + arc unit
dhoffend retitled this revision from to Don't accept invalid yubikey tokens.Jan 21 2017, 12:26 AM
dhoffend updated this object.
dhoffend edited the test plan for this revision. (Show Details)

Without this patch you can actually enter an empty token or a token smaller then 12 chars and it would get accepted. After that you cannot login anymore because your given yubikey token will never match against the saved youbikeyid