25 May
2022
25 May
'22
9:07 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787 --- Comment #8 from Jonathan Druart <jonathan.druart+koha@gmail.com> ---
(In reply to David Cook from comment #6)
Another thing we could do is add the range parameter to the verify() function I believe. At the moment, it looks like we're not following the recommendations of rfc6238 to allow additional backwards steps. (Typically, with a TOTP, you can usually use up to 2-3 old codes and still work to allow for clock drift and slow users.)
Yes, that's a bug. I was pretty sure it was allowing at least 1 old code. It's in the POD of ->verify, and members/two_factor_auth.pl, but C4/Auth.pm
Fixed on bug 30842. -- You are receiving this mail because: You are watching all bug changes.