[Koha-bugs] [Bug 28787] Send a notice with the TOTP token
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed May 25 10:07:42 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787
--- Comment #8 from Jonathan Druart <jonathan.druart+koha at gmail.com> ---
> (In reply to David Cook from comment #6)
> > Another thing we could do is add the range parameter to the verify()
> > function I believe. At the moment, it looks like we're not following the
> > recommendations of rfc6238 to allow additional backwards steps. (Typically,
> > with a TOTP, you can usually use up to 2-3 old codes and still work to allow
> > for clock drift and slow users.)
>
> Yes, that's a bug. I was pretty sure it was allowing at least 1 old code.
> It's in the POD of ->verify, and members/two_factor_auth.pl, but C4/Auth.pm
Fixed on bug 30842.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list