From 421ff7f194875db9634ea783d9dd5b6111f19df3 Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Tue, 1 Sep 2015 13:01:20 +0800
Subject: Bug 1197073 - add support for 2fa using totp (eg. google
 authenticator)

---
 Bugzilla/Auth.pm | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/Auth.pm')

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 88eadbe19..a4f2dd9a9 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -33,7 +33,7 @@ use fields qw(
 use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Mailer;
-use Bugzilla::Util qw(datetime_from);
+use Bugzilla::Util qw(datetime_from i_am_webservice);
 use Bugzilla::User::Setting ();
 use Bugzilla::Auth::Login::Stack;
 use Bugzilla::Auth::Verify::Stack;
@@ -93,9 +93,28 @@ sub login {
     }
     $user->set_authorizer($self);
 
+    # trigger multi-factor auth.  once verified the provider calls mfa_verified()
+    if ($self->{_info_getter}->{successful}->requires_verification
+        && $user->mfa
+        && !Bugzilla->sudoer
+        && !i_am_webservice()
+    ) {
+        $user->mfa_provider->prompt({ user => $user, type => $type });
+        exit;
+    }
+
     return $self->_handle_login_result($login_info, $type);
 }
 
+sub mfa_verified {
+    my ($self, $user, $type) = @_;
+    require Bugzilla::Auth::Login::CGI;
+    $self->{_info_getter}->{successful} = Bugzilla::Auth::Login::CGI->new();
+    $self->_handle_login_result({ user => $user }, $type);
+    print Bugzilla->cgi->redirect('index.cgi');
+    exit;
+}
+
 sub successful_info_getter {
     my ($self) = @_;
 
-- 
cgit v1.2.3-24-g4f1b