[MediaWiki-commits] [Gerrit] mediawiki...OATHAuth[master]: Don't allow scratch tokens when enrolling for 2 auth.

Wed, 16 Nov 2016 15:06:06 -0800 

TheDJ has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/322009

Change subject: Don't allow scratch tokens when enrolling for 2 auth.
......................................................................

Don't allow scratch tokens when enrolling for 2 auth.

Validating with a scratch code is probably a "giant trap that newbies
could fall into".

Bug: T150824
Change-Id: I5710b151d7682e4cdb0b6a692f7b2c108f051caf
---
M special/SpecialOATHEnable.php
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/09/322009/1

diff --git a/special/SpecialOATHEnable.php b/special/SpecialOATHEnable.php
index 700d78b..feea477 100644
--- a/special/SpecialOATHEnable.php
+++ b/special/SpecialOATHEnable.php
@@ -157,7 +157,7 @@
                /** @var OATHAuthKey $key */
                $key = $this->getRequest()->getSessionData( 'oathauth_key' );
 
-               if ( !$key->verifyToken( $formData['token'], $this->OATHUser ) 
) {
+               if ( OATHAuthKey::MAIN_TOKEN !== $key->verifyToken( 
$formData['token'], $this->OATHUser ) ) {
                        return [ 'oathauth-failedtovalidateoauth' ];
                }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/322009
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5710b151d7682e4cdb0b6a692f7b2c108f051caf
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OATHAuth
Gerrit-Branch: master
Gerrit-Owner: TheDJ <hartman.w...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to