From 372ef401b6bfc2b26f59a8a7f0cf3de084e2cdbd Mon Sep 17 00:00:00 2001 From: Derk-Jan Hartman Date: Wed, 16 Nov 2016 23:25:17 +0100 Subject: [PATCH] Trim surrounding whitespace and seperators from tokens Google authenticator uses a space character as a group seperator. We can thus expect users to enter such a separator and we should not fail on that. Might as well trim whitespace too, as that is another oft occuring user input mistake, that should not affect functionality. Bug: T150603 Change-Id: I7334ed5dfaf933e61831438e2f86aa979cf9f51b --- OATHAuthKey.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/OATHAuthKey.php b/OATHAuthKey.php index 63225d37..0a4be150 100644 --- a/OATHAuthKey.php +++ b/OATHAuthKey.php @@ -98,6 +98,11 @@ class OATHAuthKey { Base32::decode( $this->secret['secret'] ), $this->secret['period'], -$wgOATHAuthWindowRadius, $wgOATHAuthWindowRadius ); + + // Remove any whitespace from the received token, which can be an intended group seperator + // or trimmeable whitespace + $token = preg_replace( '/\s+/', '', $token ); + // Check to see if the user's given token is in the list of tokens generated // for the time window. foreach ( $results as $window => $result ) {
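Review bot: The result of `preg_replace( '/\s+/', '', $token )` is assigned back to `$token` without a check, and `preg_replace` returns `null` on a PCRE error and an array when the subject is an array, so the comparison loop that follows can run on a non-string value. That probably still fails verification, but in a second-factor check the rejection should be explicit: `if ( !is_string( $token ) ) { return false; }` right after the replace, assuming the enclosing method signals failure with `false` (it starts and ends outside this hunk). The comment above the call could also say what the code does, since whitespace is removed anywhere in the token rather than only around it: `// Strip all whitespace from the submitted token; authenticator apps display a space as a group separator.`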