No needed to store accepted code for the email OTP

Created on 2 January 2024, 11 months ago
Updated 16 January 2024, 10 months ago

Problem/Motivation

TFA module 2.x will 📌 Remove usage of alreadyAcceptedCode()/storeAccepedCode() in the TOTP,HOTP, Recovery Code plugins. Active , as it is no longer needed. The email OTP plugin provided by this module won't accept any accepted code at all since any used code will be delete straight away.

Proposed resolution

Delete following code at line 341 in TfaEmailOtpValidation.php.

https://git.drupalcode.org/project/tfa_email_otp/-/blob/1.0.x/src/Plugin...

      // Store accepted code to prevent replay attacks.
      $this->storeAcceptedCode($values['code']);

Remaining tasks

N/A

User interface changes

N/A

API changes

Data model changes

📌 Task
Status

Fixed

Version

1.0

Component

Code

Created by

🇦🇺Australia mingsong 🇦🇺

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024