From ecc15a7680c58a4bdea4bbf3876c8e6aeceab8ee Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Fri, 25 May 2018 09:49:31 +0200
Subject: [PATCH] src: undo change to edge case in Local TOTP #2390

TOTP modifies password, we can't use verbatim length checks.

Spotted by: @adschellevis
---
 src/opnsense/mvc/app/library/OPNsense/Auth/Local.php | 5 ++++-
 src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php | 10 ++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php b/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
index 71b69eab4..b0f7569a9 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
@@ -106,7 +106,10 @@ class Local extends Base implements IAuthConnector
 }

 /**
- * check if the user should change his or hers password, calculated by the time difference of the last pwd change
+ * check if the user should change his or hers password,
+ * calculated by the time difference of the last pwd change
+ * and other criteria through checkPolicy() if password was
+ * given
 * @param string $username username to check
 */
 public function shouldChangePassword($username, $password = null)
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
index eaac0b6a0..955333a1e 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
@@ -173,6 +173,16 @@ trait TOTP
 return false;
 }

+ /**
+ * check if the user should change his or hers password
+ * @param string $username username to check
+ */
+ public function shouldChangePassword($username, $password = null)
+ {
+ /* XXX deconstruct password and pass it */
+ return parent::shouldChangePassword($username);
+ }
+
 /**
 * set TOTP specific connector properties
 * @param array $config connection properties
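Review bot: The rewritten docblock for shouldChangePassword() in Local.php still documents only `$username`, although the signature on the last line of the hunk takes `$password = null` and the new text says checkPolicy() applies only when a password was given. I would add `* @param string|null $password password as entered; policy checks are skipped when null`, plus a `@return` line once the return type is confirmed, since the function body lies outside this hunk. The docblock added in the TOTP.php hunk has the same gap.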
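Review bot: The new TOTP override of shouldChangePassword() accepts `$password` but never forwards it, so for connectors using this trait the checkPolicy() criteria mentioned in the Local.php docblock are not evaluated and only the remaining checks in the parent apply. That avoids running a length check on a value that still carries the OTP token, but the `XXX` comment does not say that policy enforcement is currently off; I would spell it out, e.g. `/* XXX password still carries the OTP token: checkPolicy() is skipped for TOTP users until it is split off and passed on */`. When the split is implemented it should presumably reuse the same password/token separation the trait's authentication path applies (not visible in this hunk), so both paths agree on what the password is. Note also that `parent::` inside a trait resolves against the class using the trait, so this assumes every such class extends one that defines shouldChangePassword().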