https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787
--- Comment #8 from Jonathan Druart <[email protected]> --- > (In reply to David Cook from comment #6) > > Another thing we could do is add the range parameter to the verify() > > function I believe. At the moment, it looks like we're not following the > > recommendations of rfc6238 to allow additional backwards steps. (Typically, > > with a TOTP, you can usually use up to 2-3 old codes and still work to allow > > for clock drift and slow users.) > > Yes, that's a bug. I was pretty sure it was allowing at least 1 old code. > It's in the POD of ->verify, and members/two_factor_auth.pl, but C4/Auth.pm Fixed on bug 30842. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
