[Koha-bugs] [Bug 28787] Send a notice with the TOTP token
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jul 7 09:05:21 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787
--- Comment #25 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Tomás Cohen Arazi from comment #21)
> I haven't read the patches yet, but I'd like to mention that, to me, OTP
> should be generated in very specific cases and so our handling in V1/Auth.pm
> needs to be very careful. Somehow, we need to identify a session that is in
> an intermediate state: it already identified correctly but still needs a
> specific action. So not any active session should be able to request a OTP.
Currently, we do allow it. I am not sure if we should need to revoke it when
the session allows it.
We could easily revoke for status==ok, but the code wont improve imo.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list