Page MenuHomePhabricator
Files F14004937

D19884.diff
No OneTemporary
Actions

D19884.diff
View Options

diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
--- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
+++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
@@ -2,6 +2,8 @@
final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor {
+ const DIGEST_TEMPORARY_KEY = 'mfa.totp.sync';
+
public function getFactorKey() {
return 'totp';
}
@@ -34,12 +36,16 @@
// (We store and verify the hash of the key, not the key itself, to limit
// how useful the data in the table is to an attacker.)
+ $token_code = PhabricatorHash::digestWithNamedKey(
+ $key,
+ self::DIGEST_TEMPORARY_KEY);
+
$temporary_token = id(new PhabricatorAuthTemporaryTokenQuery())
->setViewer($user)
->withTokenResources(array($user->getPHID()))
->withTokenTypes(array($totp_token_type))
->withExpired(false)
- ->withTokenCodes(array(PhabricatorHash::weakDigest($key)))
+ ->withTokenCodes(array($token_code))
->executeOne();
if (!$temporary_token) {
// If we don't have a matching token, regenerate the key below.
@@ -53,12 +59,16 @@
// Mark this key as one we generated, so the user is allowed to submit
// a response for it.
+ $token_code = PhabricatorHash::digestWithNamedKey(
+ $key,
+ self::DIGEST_TEMPORARY_KEY);
+
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
id(new PhabricatorAuthTemporaryToken())
->setTokenResource($user->getPHID())
->setTokenType($totp_token_type)
->setTokenExpires(time() + phutil_units('1 hour in seconds'))
- ->setTokenCode(PhabricatorHash::weakDigest($key))
+ ->setTokenCode($token_code)
->save();
unset($unguarded);
}

File Metadata

Mime Type
text/plain
Expires
Mon, Oct 28, 5:42 AM (3 w, 1 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6712688
Default Alt Text
D19884.diff (1 KB)

Event Timeline

Phabricator · Built by Phacility