Page MenuHomePhorge

Fix TOTP authentication
ClosedPublic

Authored by sicherha on Jun 14 2023, 2:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 22, 6:22 PM
Unknown Object (File)
Fri, Nov 22, 2:41 AM
Unknown Object (File)
Tue, Nov 19, 5:45 PM
Unknown Object (File)
Tue, Nov 19, 5:45 PM
Unknown Object (File)
Oct 27 2024, 2:13 PM
Unknown Object (File)
Oct 27 2024, 2:13 PM
Unknown Object (File)
Oct 27 2024, 2:13 PM
Unknown Object (File)
Oct 25 2024, 11:27 AM
Subscribers
None

Details

Summary

Kolab used to depend on version 4 of the otphp library, which returns
its computed OTP codes as integers. Hence, the kolab_2fa plugin converts
the user input to int in order to facilitate comparisons using the
=== operator.

Starting with version 5, which is now bundled with Kolab, otphp returns
a string instead of an integer. Now the comparison is between an int
and a string, and thus consistently yields false. As a result, no
TOTP code is ever accepted.

Fix TOTP authentication by removing the now-obsolete conversion to
int.

Diff Detail

Repository
rRPK roundcubemail-plugins-kolab
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sicherha created this revision.
This revision is now accepted and ready to land.Jun 14 2023, 2:49 PM
This revision was automatically updated to reflect the committed changes.