Micke/roundcubemail-plugins-kolab
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't accept invalid yubikey tokens

Browse source 
Summary: Don't accept empty/invalid yubikey token input when adding a factor

Test Plan: Use empty yubikey field or token < 12 chars

Reviewers: #roundcube_kolab_plugins_developers, mollekopf

Reviewed By: #roundcube_kolab_plugins_developers, mollekopf

Subscribers: #roundcube_kolab_plugins_developers

Differential Revision: https://git.kolab.org/D375
This commit is contained in:
Daniel Hoffend 2023-09-21 15:35:21 +02:00 committed by Aleksander Machniak
parent 1ee5a5fa0e
commit 18882d02dd
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
plugins/kolab_2fa/lib/Kolab2FA/Driver/Yubikey.php
View file

@ -107,6 +107,10 @@ class Yubikey extends Base
// truncate the submitted yubikey code to 12 characters // truncate the submitted yubikey code to 12 characters
$value = substr($value, 0, 12); $value = substr($value, 0, 12);
} }
// invalid or no yubikey token provided
elseif ($key == 'yubikeyid') {
return false;
}
return parent::set($key, $value, $persistent); return parent::set($key, $value, $persistent);
} }