TheDJ has uploaded a new change for review.
https://gerrit.wikimedia.org/r/321998
Change subject: Trim surrounding whitespace and seperators from tokens
......................................................................
Trim surrounding whitespace and seperators from tokens
Google authenticator uses a space character as a group seperator.
We can thus expect users to enter such a separator and we should not
fail on that. Might as well trim whitespace too, as that is another
oft occuring user input mistake, that should not affect functionality.
Bug: T150603
Change-Id: I7334ed5dfaf933e61831438e2f86aa979cf9f51b
---
M OATHAuthKey.php
1 file changed, 5 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth
refs/changes/98/321998/1
diff --git a/OATHAuthKey.php b/OATHAuthKey.php
index 63225d3..0a4be15 100644
--- a/OATHAuthKey.php
+++ b/OATHAuthKey.php
@@ -98,6 +98,11 @@
Base32::decode( $this->secret['secret'] ),
$this->secret['period'], -$wgOATHAuthWindowRadius,
$wgOATHAuthWindowRadius
);
+
+ // Remove any whitespace from the received token, which can be
an intended group seperator
+ // or trimmeable whitespace
+ $token = preg_replace( '/\s+/', '', $token );
+
// Check to see if the user's given token is in the list of
tokens generated
// for the time window.
foreach ( $results as $window => $result ) {
--
To view, visit https://gerrit.wikimedia.org/r/321998
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7334ed5dfaf933e61831438e2f86aa979cf9f51b
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OATHAuth
Gerrit-Branch: master
Gerrit-Owner: TheDJ <hartman.w...@gmail.com>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
