TheDJ has uploaded a new change for review. https://gerrit.wikimedia.org/r/322009
Change subject: Don't allow scratch tokens when enrolling for 2 auth. ...................................................................... Don't allow scratch tokens when enrolling for 2 auth. Validating with a scratch code is probably a "giant trap that newbies could fall into". Bug: T150824 Change-Id: I5710b151d7682e4cdb0b6a692f7b2c108f051caf --- M special/SpecialOATHEnable.php 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/09/322009/1 diff --git a/special/SpecialOATHEnable.php b/special/SpecialOATHEnable.php index 700d78b..feea477 100644 --- a/special/SpecialOATHEnable.php +++ b/special/SpecialOATHEnable.php @@ -157,7 +157,7 @@ /** @var OATHAuthKey $key */ $key = $this->getRequest()->getSessionData( 'oathauth_key' ); - if ( !$key->verifyToken( $formData['token'], $this->OATHUser ) ) { + if ( OATHAuthKey::MAIN_TOKEN !== $key->verifyToken( $formData['token'], $this->OATHUser ) ) { return [ 'oathauth-failedtovalidateoauth' ]; } -- To view, visit https://gerrit.wikimedia.org/r/322009 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5710b151d7682e4cdb0b6a692f7b2c108f051caf Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OATHAuth Gerrit-Branch: master Gerrit-Owner: TheDJ <hartman.w...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits