From 043c7523acd6af5288191b15f746fc360b73ab40 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Wed, 23 Sep 2015 11:54:41 +0800
Subject: Bug 1199087 - extend 2fa protection beyond login
---
 Bugzilla/MFA/TOTP.pm | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)
(limited to 'Bugzilla/MFA')
diff --git a/Bugzilla/MFA/TOTP.pm b/Bugzilla/MFA/TOTP.pm
index 05e4e4e3b..859ca4b8d 100644
--- a/Bugzilla/MFA/TOTP.pm
+++ b/Bugzilla/MFA/TOTP.pm
@@ -48,32 +48,25 @@ sub enrolled {
 }

 sub prompt {
- my ($self, $params) = @_;
+ my ($self, $vars) = @_;
 my $template = Bugzilla->template;

- my $vars = {
- user => $params->{user},
- token => scalar issue_session_token('mfa', $params->{user}),
- type => $params->{type},
- };
-
 print Bugzilla->cgi->header();
 $template->process('mfa/totp/verify.html.tmpl', $vars)
 || ThrowTemplateError($template->error());
 }

 sub check {
- my ($self, $code) = @_;
- $self->_auth()->verify($code, 1)
- || ThrowUserError('mfa_totp_bad_code');
-}
-
-sub check_login {
- my ($self, $user) = @_;
- my $cgi = Bugzilla->cgi;
+ my ($self, $params) = @_;
+ my $code = $params->{code} // '';
+ return if $self->_auth()->verify($code, 1);

- $self->check($cgi->param('code') // '');
- $user->authorizer->mfa_verified($user, $cgi->param('type'));
+ if (exists $params->{mfa_action}) {
+ ThrowUserError('mfa_totp_bad_enrolment_code');
+ }
+ else {
+ ThrowUserError('mfa_totp_bad_code');
+ }
 }

 1;
--
cgit v1.2.3-24-g4f1b
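Review bot: `check` now reads the code from `$params->{code}` and hands it to `verify` without confirming it is a plain scalar. The callers are outside this path-limited diff, so this is an assumption, but if `$params` is built from request parameters, a guard such as `$code = '' if ref $code;` before the `verify` call keeps a non-string value away from the authenticator and still ends in the bad-code error. With `check_login` removed, the contract of `check` is also implicit: it returns nothing on success, throws otherwise, and picks the error by `exists $params->{mfa_action}`, so a short comment above `sub check` stating this would help the new callers that extend 2FA beyond login. In `prompt`, the session token is no longer issued here, so it is worth a comment that `$vars` must already carry the `user`, `token` and `type` values this sub used to set before it renders `mfa/totp/verify.html.tmpl`.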