mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth
synced 2024-09-24 02:39:53 +00:00
Trim surrounding whitespace and seperators from tokens
Google authenticator uses a space character as a group seperator. We can thus expect users to enter such a separator and we should not fail on that. Might as well trim whitespace too, as that is another oft occuring user input mistake, that should not affect functionality. Bug: T150603 Change-Id: I7334ed5dfaf933e61831438e2f86aa979cf9f51b
This commit is contained in:
Derk-Jan Hartman
parent
0ac5c0fb71
commit
372ef401b6
|
|
@ -98,6 +98,11 @@ class OATHAuthKey {
|
|||
Base32::decode( $this->secret['secret'] ),
|
||||
$this->secret['period'], -$wgOATHAuthWindowRadius, $wgOATHAuthWindowRadius
|
||||
);
|
||||
|
||||
// Remove any whitespace from the received token, which can be an intended group seperator
|
||||
// or trimmeable whitespace
|
||||
$token = preg_replace( '/\s+/', '', $token );
|
||||
|
||||
// Check to see if the user's given token is in the list of tokens generated
|
||||
// for the time window.
|
||||
foreach ( $results as $window => $result ) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue