[Koha-bugs] [Bug 28786] Two-factor authentication for staff client - TOTP
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jan 17 08:55:00 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28786
--- Comment #61 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
-my $secret = Koha::AuthUtils::generate_salt( 'weak', 16 );
-my $auth = Koha::Auth::TwoFactorAuth->new(
- { patron => $patron, secret => $secret } );
+my $auth = Koha::Auth::TwoFactorAuth->new({ patron => $patron });
my $secret32 = $auth->generate_secret32;
my $ok = $auth->verify($pin_code, 1, $secret32);
Actually, this is not what I meant.
You let the weak randomizer of Auth::GoogleAuth create a secret by calling
generate_secret32.
I had in mind to just remove that call. In the assumption that we pass our own
secret (hopefully better) from generate_salt?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list