diff options
| author | Byron Jones <glob@mozilla.com> | 2015-09-01 07:01:20 +0200 |
|---|---|---|
| committer | Byron Jones <glob@mozilla.com> | 2015-09-01 07:01:20 +0200 |
| commit | 421ff7f194875db9634ea783d9dd5b6111f19df3 (patch) | |
| tree | 5806e9f3001fa4f33ba85aa94856b70a7f878cf8 /token.cgi | |
| parent | bcc93f83a64a76cd73501eaefaf5fd073fbc3f0d (diff) | |
| download | bugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.gz bugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.xz | |
Bug 1197073 - add support for 2fa using totp (eg. google authenticator)
Diffstat (limited to 'token.cgi')
| -rwxr-xr-x | token.cgi | 19 |
1 files changed, 19 insertions, 0 deletions
@@ -93,6 +93,10 @@ if ($token) { Bugzilla::Token::Cancel($token, 'wrong_token_for_creating_account'); ThrowUserError('wrong_token_for_creating_account'); } + if ($action eq 'mfa' && $tokentype ne 'session') { + Bugzilla::Token::Cancel($token, 'wrong_token_for_mfa'); + ThrowUserError('wrong_token_for_mfa'); + } } @@ -168,6 +172,8 @@ if ($action eq 'reqpw') { confirm_create_account($token); } elsif ($action eq 'cancel_new_account') { cancel_create_account($token); +} elsif ($action eq 'mfa') { + verify_mfa($token); } else { ThrowUserError('unknown_action', {action => $action}); } @@ -408,3 +414,16 @@ sub cancel_create_account { $template->process('global/message.html.tmpl', $vars) || ThrowTemplateError($template->error()); } + +sub verify_mfa { + my $token = shift; + my ($user_id) = Bugzilla::Token::GetTokenData($token); + my $user = Bugzilla::User->check({ id => $user_id, cache => 1 }); + if (!$user->mfa) { + delete_token($token); + print Bugzilla->cgi->redirect('index.cgi'); + exit; + } + $user->mfa_provider->check_login($user); + delete_token($token); +} |