Add osu! client verification support #2862
Comments
This will be updated in the near future.
I'm working on the code for 2FA support and YubiKey support if there is a template that can be used for that.
For the initial implementation, we'd want to give the option of a generated one-time passcode (like the one generated by Google Authenticator or Authy) as a substitute for the verification codes that are currently sent out via email. Basically, if a user has this option enabled, it would replace the email-based verification codes, so the existing verification dialog can be used for input. Other details, like how account recovery would work in the case of forgotten passwords, etc., when 2FA is enabled are still undecided. We're not considering explicit support for U2F yet.
Is anyone working on this one currently? Would like to start working at least on the technical side of implementation.
I was about to bring this up today. This does need priority as it is seemingly one of the two remaining systems left on the old site (the other one being arguably unnecessary, forum PMs). Basic requirements for this:
Here's the old implementation for reference.

```php
function updateClientHash()
{
    global $conn, $user;
    if ($_SESSION['clienthash'])
    {
        $clientHash = explode(':', sqlstr($_SESSION['clienthash']));
        $conn->exec("INSERT IGNORE INTO osu_user_security (user_id, osu_md5, mac_md5, unique_md5, disk_md5) VALUES ({$user->data[user_id]} , UNHEX('{$clientHash[0]}'), UNHEX('{$clientHash[2]}'), UNHEX('{$clientHash[3]}'), UNHEX('{$clientHash[4]}'))");
        $conn->exec("UPDATE osu_user_security SET verified = 1 WHERE user_id = {$user->data[user_id]} AND unique_md5 = UNHEX('{$clientHash[3]}') AND osu_md5 = UNHEX('$clientHash[0]') AND verified = 0");
        $_SESSION['clienthash'] = null;
    }
}
```

I'd hope there are tests to go along with this, if possible. Let me know if you have any further questions.
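A parameterized take on the legacy `updateClientHash()` quoted above, as an added example that is not part of the thread or of osu!'s code. It assumes `$conn` is a PDO connection and that the `*_md5` columns are binary (implied by `UNHEX`); `parseClientHash()` and the function signature are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: validate the colon-separated client hash before it reaches SQL.
// Returns column => raw 16-byte digest, or null if any field is malformed.
function parseClientHash(string $raw): ?array
{
    $parts = explode(':', $raw);
    // The legacy code reads indexes 0, 2, 3 and 4; index 1 is unused there.
    if (count($parts) < 5) {
        return null;
    }
    $fields = ['osu_md5' => 0, 'mac_md5' => 2, 'unique_md5' => 3, 'disk_md5' => 4];
    $hashes = [];
    foreach ($fields as $column => $index) {
        // An MD5 digest is exactly 32 hex characters; reject anything else.
        if (preg_match('/\A[0-9a-fA-F]{32}\z/', $parts[$index]) !== 1) {
            return null;
        }
        $hashes[$column] = hex2bin($parts[$index]); // same bytes UNHEX() would store
    }
    return $hashes;
}

// Assumption: $conn is a PDO handle; the caller clears the session value afterwards.
function updateClientHash(PDO $conn, int $userId, ?string $rawClientHash): bool
{
    $h = ($rawClientHash === null) ? null : parseClientHash($rawClientHash);
    if ($h === null) {
        return false; // nothing stored for missing or malformed input
    }

    // Values travel as bound parameters, never as part of the SQL text.
    $insert = $conn->prepare(
        'INSERT IGNORE INTO osu_user_security (user_id, osu_md5, mac_md5, unique_md5, disk_md5)
         VALUES (:user_id, :osu_md5, :mac_md5, :unique_md5, :disk_md5)'
    );
    $insert->execute(['user_id' => $userId] + $h);

    $verify = $conn->prepare(
        'UPDATE osu_user_security SET verified = 1
         WHERE user_id = :user_id AND unique_md5 = :unique_md5
           AND osu_md5 = :osu_md5 AND verified = 0'
    );
    $verify->execute(['user_id' => $userId, 'unique_md5' => $h['unique_md5'], 'osu_md5' => $h['osu_md5']]);
    return true;
}
```

Keeping the parsing separate from the database calls lets the format check be unit-tested without a connection.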
The name of this issue made me think it was about mobile app 2FA (seems like notbakaneko misunderstood it as that too). Can we open a different issue for that and rename this one?
(Sorry if this is known/a duplicate - I tried search)
When logging in (first time) with the old osu! client we need to authorize our accounts, that means we are redirected to the old website which will be getting removed soon. I noticed osu!lazer doesn't require authorization however, so this may not be an issue (unless that feature is not yet implemented there).