From c380c4112c8c70ed1b885cbacd69690513dbe6a8 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 25 May 2022 10:04:58 +0200
Subject: [PATCH] Bug 30842: 2FA - Allow at least one old TOTP

We allow one old token when we are setting the two-factor auth, we should reuse the same settings when validation the authentication itself.
Test plan: Setup 2FA for your logged-in user Logout/Login Have a look at the code and wait for 30 sec before using it (< 1min however)
Signed-off-by: David Nind
Signed-off-by: Marcel de Rooy
Signed-off-by: Tomas Cohen Arazi
(cherry picked from commit f6110ce4170ced8ba246e295cc547c9794566ef1)
Signed-off-by: Lucas Gass
---
 C4/Auth.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 96d8feb773..a44cd09767 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -911,7 +911,7 @@ sub checkauth {
 {
 my $patron = Koha::Patrons->find( { userid => $userid } );
 my $auth = Koha::Auth::TwoFactorAuth->new( { patron => $patron } );
- my $verified = $auth->verify($otp_token);
+ my $verified = $auth->verify($otp_token, 1);
 $auth->clear;
 if ( $verified ) {
 # The token is correct, the user is fully logged in!
--
2.39.5
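Review bot: The bare `1` in `$auth->verify($otp_token, 1)` is an unexplained literal, and per the commit message it has to stay equal to the value used when 2FA is set up, so the two call sites can drift apart without anyone noticing. A shared named constant, or at least a call-site comment such as `# also accept the previous TOTP step, same window as 2FA setup`, would make both the meaning and the coupling visible. Accepting an older code also lengthens the period during which an observed code remains usable; nothing in this hunk shows whether a code that was already accepted is refused on a second submission, so that is worth confirming in `Koha::Auth::TwoFactorAuth` before relying on the wider window. The diffstat lists only `C4/Auth.pm`, so a regression test covering a code from the previous step would be a useful addition. `checkauth` begins and ends outside this hunk.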