From 421ff7f194875db9634ea783d9dd5b6111f19df3 Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Tue, 1 Sep 2015 13:01:20 +0800
Subject: Bug 1197073 - add support for 2fa using totp (eg. google
 authenticator)

---
 token.cgi | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'token.cgi')

diff --git a/token.cgi b/token.cgi
index a326b2f32..9ae307215 100755
--- a/token.cgi
+++ b/token.cgi
@@ -93,6 +93,10 @@ if ($token) {
       Bugzilla::Token::Cancel($token, 'wrong_token_for_creating_account');
       ThrowUserError('wrong_token_for_creating_account');
   }
+  if ($action eq 'mfa' && $tokentype ne 'session') {
+      Bugzilla::Token::Cancel($token, 'wrong_token_for_mfa');
+      ThrowUserError('wrong_token_for_mfa');
+  }
 }
 
 
@@ -168,6 +172,8 @@ if ($action eq 'reqpw') {
     confirm_create_account($token);
 } elsif ($action eq 'cancel_new_account') {
     cancel_create_account($token);
+} elsif ($action eq 'mfa') {
+    verify_mfa($token);
 } else { 
     ThrowUserError('unknown_action', {action => $action});
 }
@@ -408,3 +414,16 @@ sub cancel_create_account {
     $template->process('global/message.html.tmpl', $vars)
       || ThrowTemplateError($template->error());
 }
+
+sub verify_mfa {
+    my $token = shift;
+    my ($user_id) = Bugzilla::Token::GetTokenData($token);
+    my $user = Bugzilla::User->check({ id => $user_id, cache => 1 });
+    if (!$user->mfa) {
+        delete_token($token);
+        print Bugzilla->cgi->redirect('index.cgi');
+        exit;
+    }
+    $user->mfa_provider->check_login($user);
+    delete_token($token);
+}
-- 
cgit v1.2.3-24-g4f1b