Bug 1197073 - add support for 2fa using totp (eg. google authenticator)

author: Byron Jones <glob@mozilla.com> 2015-09-01 07:01:20 +0200
committer: Byron Jones <glob@mozilla.com> 2015-09-01 07:01:20 +0200
commit: 421ff7f194875db9634ea783d9dd5b6111f19df3 (patch)
tree: 5806e9f3001fa4f33ba85aa94856b70a7f878cf8 /Bugzilla/Auth/Verify
parent: bcc93f83a64a76cd73501eaefaf5fd073fbc3f0d (diff)
download: bugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.gz
bugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index aaa1b6c87..ea86346e1 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -53,6 +53,7 @@ sub check_credentials {
     }
 
     my $password = $login_data->{password};
+    return { failure => AUTH_NODATA } unless defined $login_data->{password};
     my $real_password_crypted = $user->cryptpassword;
 
     # Using the internal crypted password as the salt,
@@ -105,6 +106,16 @@ sub check_credentials {
         $user->update();
     }
 
+    if (i_am_webservice() && $user->settings->{api_key_only}->{value} eq 'on') {
+        # api-key verification happens in Auth/Login/APIKey
+        # token verification happens in Auth/Login/Cookie
+        # if we get here from an api call then we must be using user/pass
+        return {
+            failure    => AUTH_ERROR,
+            user_error => 'invalid_auth_method',
+        };
+    }
+
     return $login_data;
 }
author	Byron Jones <glob@mozilla.com>	2015-09-01 07:01:20 +0200
committer	Byron Jones <glob@mozilla.com>	2015-09-01 07:01:20 +0200
commit	421ff7f194875db9634ea783d9dd5b6111f19df3 (patch)
tree	5806e9f3001fa4f33ba85aa94856b70a7f878cf8 /Bugzilla/Auth/Verify
parent	bcc93f83a64a76cd73501eaefaf5fd073fbc3f0d (diff)
download	bugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.gz bugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.xz