Page MenuHomePhorge

Fix TOTP authentication
ClosedPublic

Authored by sicherha on Jun 14 2023, 2:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Apr 7, 10:23 AM
Unknown Object (File)
Sun, Apr 7, 1:57 AM
Unknown Object (File)
Thu, Apr 4, 7:28 PM
Unknown Object (File)
Wed, Apr 3, 1:19 PM
Unknown Object (File)
Wed, Apr 3, 1:19 PM
Unknown Object (File)
Wed, Apr 3, 1:19 PM
Unknown Object (File)
Mon, Mar 25, 1:59 AM
Unknown Object (File)
Sun, Mar 24, 6:54 AM
Subscribers
None

Details

Summary

Kolab used to depend on version 4 of the otphp library, which returns
its computed OTP codes as integers. Hence, the kolab_2fa plugin converts
the user input to int in order to facilitate comparisons using the
=== operator.

Starting with version 5, which is now bundled with Kolab, otphp returns
a string instead of an integer. Now the comparison is between an int
and a string, and thus consistently yields false. As a result, no
TOTP code is ever accepted.

Fix TOTP authentication by removing the now-obsolete conversion to
int.

Diff Detail

Repository
rRPK roundcubemail-plugins-kolab
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sicherha created this revision.
This revision is now accepted and ready to land.Jun 14 2023, 2:49 PM
This revision was automatically updated to reflect the committed changes.