Don't accept invalid yubikey tokens

Summary: Don't accept empty/invalid yubikey token input when adding a factor

Test Plan: Use empty yubikey field or token < 12 chars

Reviewers: #roundcube_kolab_plugins_developers, mollekopf

Reviewed By: #roundcube_kolab_plugins_developers, mollekopf

Subscribers: #roundcube_kolab_plugins_developers

Differential Revision: https://git.kolab.org/D375

plugins/kolab_2fa/lib/Kolab2FA/Driver/Yubikey.php

@@ -107,6 +107,10 @@ class Yubikey extends Base
             // truncate the submitted yubikey code to 12 characters
             $value = substr($value, 0, 12);
         }
+        // invalid or no yubikey token provided
+        elseif ($key == 'yubikeyid') {
+            return false;
+        }
 
         return parent::set($key, $value, $persistent);
     }