Details
-
Type: Bug
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 5.0.0
-
Component/s: Client Interface, Staff Interface
-
Labels:None
Description
When a one-time password longer than 16 characters is submitted during the 2FA check, an error is returned:
String data, right truncated: 1406 Data too long for column 'otp' at row 1 on line 196 .../path/to/PdoConnection.php
User input should not exceed 16 characters. The reporter of this bug included the following diff for our consideration:
diff --git a/blesta/app/models/users.php b/blesta/app/models/users.php
index 3b6fa517..75e4ec57 100644
— a/blesta/app/models/users.php
+++ b/blesta/app/models/users.php
@@ -66,6 +66,11 @@ class Users extends AppModel
// Validate OTP
$rules = [
'otp' => [
+ 'valid' => [
+ 'rule' => ['maxLength', 16],
+ 'message' => $this->_('Users.!error.otp.auth'),
+ 'final' => true
+ ],
'auth' => [
'rule' => [[$this, 'validateOtp'], $user],
'message' => $this->_('Users.!error.otp.auth')
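Review bot: The literal `16` in the new `'valid'` rule is unexplained and is repeated in the second hunk (`$rules['otp']` near line 991); judging by the reported error it presumably mirrors the width of the `otp` column, so the two can drift apart silently if the schema changes. A short comment above the rule would help, e.g. `// Reject over-long input before validateOtp() runs; 16 is assumed to match the otp column width`, and a shared class constant would remove the duplication. Reusing `Users.!error.otp.auth` for the length failure looks deliberate and is worth stating in that comment, since it keeps the response identical for over-long and incorrect codes. The error quoted in the description carries a driver message and a file path, and this check prevents that only for this input; whether other paths still surface raw PDO errors cannot be seen from the hunk. The rules array and its enclosing method start and end outside the hunk.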
@@ -986,6 +991,11 @@ class Users extends AppModel
// Validate OTP
$rules['otp'] = [
+ 'valid' => [
+ 'rule' => ['maxLength', 16],
+ 'message' => $this->_('Users.!error.otp.auth'),
+ 'final' => true
+ ],
'auth' => [
'rule' => [[$this, 'validateOtp'], $user],
'message' => $this->_('Users.!error.otp.auth')