This provides a 160-bit length instead of the previous 80, as
recommended by RFC 4226 (HOTP), which is the basis for RFC 6238 (TOTP).
128 bits are required by the RFC, and e.g. FreeOTP complains about an 80-bit secret.

Summary:
Kolab used to depend on version 4 of the otphp library, which returns
its computed OTP codes as integers. Hence, the kolab_2fa plugin converts
the user input to `int` in order to facilitate comparisons using the
`===` operator.
Starting with version 5, which is now bundled with Kolab, otphp returns
a string instead of an integer. Now the comparison is between an `int`
and a `string`, and thus consistently yields `false`. As a result, no
TOTP code is ever accepted.
Fix TOTP authentication by removing the now-obsolete conversion to
`int`.
Reviewers: machniak
Reviewed By: machniak
Differential Revision: https://git.kolab.org/D4370
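
The type mismatch described in the commit message above, reproduced as an added example (not code from kolab_2fa or otphp). `totp_at()`, `verify_with_int_cast()` and `verify_as_string()` are hypothetical names, the secret is the RFC 6238 Appendix B test key, and `hash_equals()` is this example's choice of string comparison.

```php
<?php
// Added example; function names are hypothetical, not the plugin's API.

// Minimal RFC 6238 TOTP (HMAC-SHA1, 30 s step). Returns the code as a
// zero-padded string, the return type the commit message describes for otphp 5.
function totp_at(string $secret, int $timestamp, int $digits = 6): string
{
    $counter = pack('J', intdiv($timestamp, 30));      // 64-bit big-endian step counter
    $hmac    = hash_hmac('sha1', $counter, $secret, true);
    $offset  = ord($hmac[19]) & 0x0f;                   // dynamic truncation (RFC 4226)
    $bin     = unpack('N', substr($hmac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($bin % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Check as it worked before the fix: user input cast to int, strict comparison.
// With a string on the right-hand side, int === string can never be true.
function verify_with_int_cast(string $input, string $expected): bool
{
    return (int) $input === $expected;
}

// Check after the fix: no cast, both operands stay strings.
// hash_equals() compares in constant time (an assumption of this example).
function verify_as_string(string $input, string $expected): bool
{
    return hash_equals($expected, $input);
}

$secret    = '12345678901234567890';   // constructed input: RFC 6238 test key, 20 bytes
$expected  = totp_at($secret, 59);     // code the server computes for T = 59 s
$userInput = $expected;                // user types the correct code

var_dump($expected);                                    // the code is a string
var_dump(verify_with_int_cast($userInput, $expected));  // correct code, old check
var_dump(verify_as_string($userInput, $expected));      // correct code, fixed check
var_dump(verify_as_string('000000', $expected));        // wrong code, fixed check
```
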

Summary:
Proposed fix for the bug reported in T1784.
The method `kolab_2fa::get_driver()` is called with the full factor ID (`<method>:<uuid>`)
and therefore fails to retrieve the right properties from plugin config. This change fixes this at the right place.
Reviewers: machniak
Reviewed By: machniak
Subscribers: jh23453
Differential Revision: https://git.kolab.org/D242

Allow the kolab_auth plugin to populate the 'kolab_2fa_factors' config option through 'kolab_auth_role_settings'
and thereby define the active authentication factors from the one LDAP query.