Page MenuHomePhabricator
Create Task
Maniphest T55194

Make authentication window size and leniency configurable
Closed, ResolvedPublic
Actions

Description

Right now the window size is hardcoded to (I think) 30 seconds and the leniency is hardcoded to 4 windows. They should be configurable.

Version: master
Severity: enhancement

Details

Reference
bz53194

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 2:08 AM
bzimport added a project: MediaWiki-extensions-OATHAuth.
bzimport set Reference to bz53194.
Parent5446 created this task.Aug 22 2013, 3:16 AM
Parent5446 added a comment.Aug 22 2013, 3:26 AM

I should also note that the TOTP RFC recommends using a window size of 30 seconds and a leniency of 1 window in each direction. If WMF uses NTP on their servers, that should not be an issue since most TOTP apps have time synchronization.

gerritbot added a comment.May 11 2014, 9:34 AM

Change 132784 had a related patch set uploaded by Parent5446:
Make authentication window size and leniency configurable

https://gerrit.wikimedia.org/r/132784

Aklapper removed RyanLane as the assignee of this task.Apr 26 2015, 12:11 PM
Parent5446 moved this task from Backlog to In Progress on the MediaWiki-extensions-OATHAuth board.May 23 2015, 2:51 PM
Parent5446 claimed this task.May 23 2015, 4:02 PM
Parent5446 closed this task as Resolved.May 25 2015, 10:00 PM

Patch merged

Parent5446 removed a project: Patch-For-Review.May 25 2015, 10:01 PM
Parent5446 set Security to None.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits