[Koha-bugs] [Bug 29873] 2FA: Generate QR code without exposing secret via HTTP GET
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Apr 12 16:31:00 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29873
Marcel de Rooy <m.de.rooy at rijksmuseum.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #129576|0 |1
is obsolete| |
Attachment #129579|0 |1
is obsolete| |
Attachment #129580|0 |1
is obsolete| |
Attachment #129581|0 |1
is obsolete| |
Attachment #129605|0 |1
is obsolete| |
--- Comment #19 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Created attachment 133216
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133216&action=edit
Bug 29873: Create QR code
Instead of using deprecated Google Charts API, and exposing our
secret in a GET parameter, we generate QR data ourselves.
Test plan:
[1] Enable two factor authentication in the prefs.
[2] Login in staff. Go to account. Select Manage 2FA.
[3] Verify that QR code is displayed.
[4] Register the QR in your authenticator app and test 2FA
by logging in again.
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Tested with Google Authenticator and FreeOTP.
Bug 29873: (follow-up) Rename qr_dataurl
As requested by a QA team member.
We're moving to qr_code as method name. This is the same name as
the method in the underlying base class.
Apart from one sed statement, changing to self->SUPER on one line.
Test plan:
Can you still register, logout and login?
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Bug 29873: (follow-up) Switch to GD
We do not need a new module, we could use GD instead.
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list