Fix TOTP authentication
Closed, Public

Authored by sicherha on Jun 14 2023, 2:06 PM.
Referenced Files
F12208707: D4370.id12536.diff
Fri, May 17, 12:45 AM

Details

Summary

Kolab used to depend on version 4 of the otphp library, which returns
its computed OTP codes as integers. Hence, the kolab_2fa plugin converts
the user input to int in order to facilitate comparisons using the
=== operator.

Starting with version 5, which is now bundled with Kolab, otphp returns
a string instead of an integer. Now the comparison is between an int
and a string, and thus consistently yields false. As a result, no
TOTP code is ever accepted.

Fix TOTP authentication by removing the now-obsolete conversion to
int.
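
The failure mode described in the summary, reproduced as an added example (not code from the kolab_2fa plugin or from otphp). The helpers totp_string, totp_int, verify_with_cast and verify_string are hypothetical stand-ins for the two library return types; the key and timestamp are constructed. The digit check and hash_equals go beyond the fix in this revision, which only removes the cast.

```php
<?php
declare(strict_types=1);

// RFC 4226/6238 code generator; returns a zero-padded string, like otphp 5.
function totp_string(string $key, int $time, int $digits = 6, int $period = 30): string
{
    $hmac = hash_hmac('sha1', pack('J', intdiv($time, $period)), $key, true);
    $offset = ord($hmac[19]) & 0x0f;
    $bin = unpack('N', substr($hmac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Same value as an integer, the return type the summary attributes to otphp 4.
function totp_int(string $key, int $time): int
{
    return (int) totp_string($key, $time);
}

// Comparison as described in the summary: user input is cast to int first.
function verify_with_cast(string $input, $expected): bool
{
    return (int) $input === $expected;
}

// Hardened string comparison (hypothetical helper, goes beyond the fix itself).
function verify_string(string $input, string $expected): bool
{
    $input = trim($input);
    if (preg_match('/\A\d+\z/', $input) !== 1) {
        return false; // reject anything that is not purely digits
    }
    return hash_equals($expected, $input); // constant-time, no type juggling
}

$key  = '12345678901234567890';  // constructed sample secret (raw bytes)
$now  = 1686751560;              // constructed sample timestamp
$code = totp_string($key, $now); // what the user's authenticator would show

var_dump(verify_with_cast($code, totp_int($key, $now)));        // int vs int
var_dump(verify_with_cast($code, totp_string($key, $now)));     // int vs string
var_dump(verify_string($code, totp_string($key, $now)));        // string vs string
var_dump(verify_string($code, totp_string($key, $now + 3600))); // different window
```

The second call is the state the summary describes: the cast input is an int, the library value is a string, and === is false whatever digits were entered.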

Diff Detail

Repository
rRPK roundcubemail-plugins-kolab
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sicherha created this revision.
This revision is now accepted and ready to land. Jun 14 2023, 2:49 PM
This revision was automatically updated to reflect the committed changes.