Loading tests/tfa.test +32 −0 Original line number Diff line number Diff line Loading @@ -386,6 +386,38 @@ class TfaTestCase extends DrupalWebTestCase { $this->assertIdentical($plain_text, $tfa_totp->readFromStore()); } /** * Test expiry of the TFA process. */ public function testTfaExpiry() { // Enable test plugin. variable_set('tfa_validate_plugin', 'tfa_test_send'); $code = $this->randomName(); variable_set('tfa_test_code', $code); variable_set('tfa_timeout', -60); $account = $this->web_user; $edit = array( 'name' => $account->name, 'pass' => $account->pass_raw, ); // Not using drupalLogin() since it tests for actual login. $this->drupalPost('user/login', $edit, 'Log in'); $this->assertResponse(403, 'Access is denied to timed-out TFA form.'); $this->assertRaw('TFA session has expired.', 'Timeout message is displayed'); $url_parts = explode('/', $this->url); $login_hash = array_pop($url_parts); $this->drupalGet('system/tfa/' . $account->uid . '/' . $login_hash); $this->assertResponse(403, 'Access is denied to timed-out TFA form.'); $this->assertRaw('TFA session has expired.', 'Timeout message is displayed'); } /** * TFA module user interface strings. * Loading tfa.module +7 −1 Original line number Diff line number Diff line Loading @@ -37,6 +37,10 @@ function tfa_entry_access($account, $url_hash) { // Generate a hash for this account. $hash = tfa_login_hash($account); $context = tfa_get_context($account); if (REQUEST_TIME > $context['expires']) { drupal_set_message(t('TFA session has expired.')); return FALSE; } return $hash === $url_hash && !empty($context) && $context['uid'] === $account->uid; } Loading Loading @@ -105,6 +109,7 @@ function tfa_get_context($account) { * 'login' => array('tfa_my_login_plugin'), * 'fallback' => array('tfa_my_recovery_plugin'), * ), * 'expires' => 1664823268, */ function tfa_start_context($account) { $plugins = array( Loading 
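Review bot: testTfaExpiry only exercises the negative path, so a regression in tfa_entry_access() that denies every request (for example if the 'expires' key were missing from the context) would still pass this test. A second scenario with the default timeout, asserting that `system/tfa/{uid}/{hash}` returns 200 and does not contain 'TFA session has expired.', would pin the intended behaviour rather than just the denial. The login hash is also taken from `$this->url` after a 403 response; it may be worth asserting that `$this->url` actually points at the TFA path before using it, otherwise the second drupalGet() may be testing an unrelated hash.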
@@ -131,8 +136,9 @@ function tfa_start_context($account) { $plugins['fallback'][] = $key; } } $expires = REQUEST_TIME + variable_get('tfa_timeout', 60 * 5); // Allow other modules to modify TFA context. $context = array('uid' => $account->uid, 'plugins' => $plugins); $context = array('uid' => $account->uid, 'plugins' => $plugins, 'expires' => $expires); drupal_alter('tfa_context', $context); tfa_set_context($account, $context); return $context; Loading Loading
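Review bot: In tfa_entry_access() the new `REQUEST_TIME > $context['expires']` check runs before the existing `!empty($context)` guard, so an empty context (no TFA in progress) or a context stored before this change, which has no 'expires' key, reads an undefined index and emits a PHP notice; the comparison against null then evaluates true, so access is denied with a misleading "expired" message. The same applies if a `hook_tfa_context_alter()` implementation drops the key, since drupal_alter() runs after `$expires` is set in tfa_start_context(). Denying is the safe outcome, but the guard should be explicit: check for an empty context and a present 'expires' key first, and only then compare against REQUEST_TIME. It may also be worth clearing the stored context once it has expired so the stale entry is not kept in the session; this hunk does not show how the context is cleared, so that is left to the maintainer.
```php
  $context = tfa_get_context($account);
  // No TFA in progress, or a context that predates the expiry field:
  // deny without claiming the session expired.
  if (empty($context) || !isset($context['expires'])) {
    return FALSE;
  }
  if (REQUEST_TIME > $context['expires']) {
    drupal_set_message(t('TFA session has expired.'));
    return FALSE;
  }
  return $hash === $url_hash && $context['uid'] === $account->uid;
```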
tests/tfa.test +32 −0 Original line number Diff line number Diff line Loading @@ -386,6 +386,38 @@ class TfaTestCase extends DrupalWebTestCase { $this->assertIdentical($plain_text, $tfa_totp->readFromStore()); } /** * Test expiry of the TFA process. */ public function testTfaExpiry() { // Enable test plugin. variable_set('tfa_validate_plugin', 'tfa_test_send'); $code = $this->randomName(); variable_set('tfa_test_code', $code); variable_set('tfa_timeout', -60); $account = $this->web_user; $edit = array( 'name' => $account->name, 'pass' => $account->pass_raw, ); // Not using drupalLogin() since it tests for actual login. $this->drupalPost('user/login', $edit, 'Log in'); $this->assertResponse(403, 'Access is denied to timed-out TFA form.'); $this->assertRaw('TFA session has expired.', 'Timeout message is displayed'); $url_parts = explode('/', $this->url); $login_hash = array_pop($url_parts); $this->drupalGet('system/tfa/' . $account->uid . '/' . $login_hash); $this->assertResponse(403, 'Access is denied to timed-out TFA form.'); $this->assertRaw('TFA session has expired.', 'Timeout message is displayed'); } /** * TFA module user interface strings. * Loading
tfa.module +7 −1 Original line number Diff line number Diff line Loading @@ -37,6 +37,10 @@ function tfa_entry_access($account, $url_hash) { // Generate a hash for this account. $hash = tfa_login_hash($account); $context = tfa_get_context($account); if (REQUEST_TIME > $context['expires']) { drupal_set_message(t('TFA session has expired.')); return FALSE; } return $hash === $url_hash && !empty($context) && $context['uid'] === $account->uid; } Loading Loading @@ -105,6 +109,7 @@ function tfa_get_context($account) { * 'login' => array('tfa_my_login_plugin'), * 'fallback' => array('tfa_my_recovery_plugin'), * ), * 'expires' => 1664823268, */ function tfa_start_context($account) { $plugins = array( Loading @@ -131,8 +136,9 @@ function tfa_start_context($account) { $plugins['fallback'][] = $key; } } $expires = REQUEST_TIME + variable_get('tfa_timeout', 60 * 5); // Allow other modules to modify TFA context. $context = array('uid' => $account->uid, 'plugins' => $plugins); $context = array('uid' => $account->uid, 'plugins' => $plugins, 'expires' => $expires); drupal_alter('tfa_context', $context); tfa_set_context($account, $context); return $context; Loading