summaryrefslogtreecommitdiffstats
path: root/userprefs.cgi
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-09-29 16:57:02 +0200
committerByron Jones <glob@mozilla.com>2015-09-29 16:57:02 +0200
commit05fed61671067cb6a750d41909ccb5692ba43808 (patch)
tree3ed5654e9383df29b48c009f16aed40d26782b1d /userprefs.cgi
parent87c32cbdf12784dacbbcd9694753ac0e5e02afea (diff)
downloadbugzilla-05fed61671067cb6a750d41909ccb5692ba43808.tar.gz
bugzilla-05fed61671067cb6a750d41909ccb5692ba43808.tar.xz
Bug 1199090 - add printable recovery 2fa codes
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi28
1 files changed, 22 insertions, 6 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index dcb518b80..bf12259fb 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -187,7 +187,7 @@ sub MfaAccount {
my $dbh = Bugzilla->dbh;
return unless $user->mfa;
- my $event = $user->mfa_provider->verify_check($cgi->param('mfa_token'));
+ my $event = $user->mfa_provider->verify_token($cgi->param('mfa_token'));
foreach my $action (@{ $event->{actions} }) {
if ($action->{type} eq 'set_login') {
@@ -308,7 +308,7 @@ sub MfaSettings {
my $user = Bugzilla->user;
return unless $user->mfa;
- my $event = $user->mfa_provider->verify_check($cgi->param('mfa_token'));
+ my $event = $user->mfa_provider->verify_token($cgi->param('mfa_token'));
my $settings = $user->settings;
if ($event->{reset}) {
@@ -657,7 +657,7 @@ sub SaveMFA {
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
my $action = $cgi->param('mfa_action') // '';
- return unless $action eq 'enable' || $action eq 'disable';
+ return unless $action eq 'enable' || $action eq 'recovery' || $action eq 'disable';
my $crypt_password = $user->cryptpassword;
if (bz_crypt($cgi->param('password'), $crypt_password) ne $crypt_password) {
@@ -674,8 +674,17 @@ sub SaveMFA {
$settings->{api_key_only}->set('on');
clear_settings_cache(Bugzilla->user->id);
}
+
+ elsif ($action eq 'recovery') {
+ $user->mfa_provider->verify_check(Bugzilla->input_params);
+ my $codes = $user->mfa_provider->generate_recovery_codes();
+ my $token = issue_short_lived_session_token('mfa-recovery');
+ set_token_extra_data($token, $codes);
+ $vars->{mfa_recovery_token} = $token;
+ }
+
else {
- $user->mfa_provider->check(Bugzilla->input_params);
+ $user->mfa_provider->verify_check(Bugzilla->input_params);
$user->set_mfa('');
}
@@ -692,7 +701,14 @@ sub DoMFA {
-Expires => 'Thu, 01 Dec 1994 16:00:00 GMT',
-Pragma => 'no-cache',
);
- if ($provider =~ /^[a-z]+$/) {
+ if ($provider eq 'recovery') {
+ my $token = $cgi->param('t');
+ $vars->{codes} = get_token_extra_data($token);
+ delete_token($token);
+ $template->process("mfa/recovery.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
+ }
+ elsif ($provider =~ /^[a-z]+$/) {
trick_taint($provider);
$template->process("mfa/$provider/enroll.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -828,7 +844,7 @@ sub MfaApiKey {
my $dbh = Bugzilla->dbh;
return unless $user->mfa;
- my $event = $user->mfa_provider->verify_check($cgi->param('mfa_token'));
+ my $event = $user->mfa_provider->verify_token($cgi->param('mfa_token'));
foreach my $action (@{ $event->{actions} }) {
if ($action->{type} eq 'create') {