Page MenuHomePhorge

Fix TOTP authentication
ClosedPublic

Authored by sicherha on Jun 14 2023, 2:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Aug 27, 11:27 PM
Unknown Object (File)
Sun, Aug 25, 4:38 PM
Unknown Object (File)
Jul 30 2024, 7:23 PM
Unknown Object (File)
Jul 27 2024, 4:31 AM
Unknown Object (File)
Jul 26 2024, 4:26 AM
Unknown Object (File)
Jul 24 2024, 2:56 AM
Unknown Object (File)
Jul 23 2024, 11:24 PM
Unknown Object (File)
Jul 23 2024, 10:23 PM
Subscribers
None

Details

Summary

Kolab used to depend on version 4 of the otphp library, which returns
its computed OTP codes as integers. Hence, the kolab_2fa plugin converts
the user input to int in order to facilitate comparisons using the
=== operator.

Starting with version 5, which is now bundled with Kolab, otphp returns
a string instead of an integer. Now the comparison is between an int
and a string, and thus consistently yields false. As a result, no
TOTP code is ever accepted.

Fix TOTP authentication by removing the now-obsolete conversion to
int.

Diff Detail

Repository
rRPK roundcubemail-plugins-kolab
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sicherha created this revision.
This revision is now accepted and ready to land.Jun 14 2023, 2:49 PM
This revision was automatically updated to reflect the committed changes.