#2490: yubikey auth failure on admin.fp.o displays a tick icon -------------------------+-------------------------------------------------- Reporter: elwell | Owner: webmaster Type: bug | Status: new Priority: trivial | Milestone: Component: Web Content | Version: Severity: Normal | Keywords: yubikey -------------------------+-------------------------------------------------- = phenomenon = when setting up a yubikey on https://admin.fedoraproject.org/accounts/yubikey the Test Auth: part *always* displays a green 'tick' icon, regardless of the message
ie * Yubikey auth success. (reasonable) * Yubikey auth Failed: Unauthorized/Invalid OTP. (uhm, this would be better with a big red cross icon)
= reason =
= recommendation = make the icon more reflective of the status message
have categorised as 'web content' but may be security?
#2490: yubikey auth failure on admin.fp.o displays a tick icon -------------------------+------------------------ Reporter: elwell | Owner: webmaster Type: bug | Status: new Priority: trivial | Milestone: Component: Web Content | Version: Severity: Normal | Resolution: Keywords: yubikey | -------------------------+------------------------
Comment (by toshio):
Had a look at the code and I think we may need to patch the TurboGears package in order to fix this. If the patch is fairly unintrusive, I'd be okay with adding it to the TurboGears package we carry in Fedora and EPEL (and submitting upstream, of course).
#2490: yubikey auth failure on admin.fp.o displays a tick icon -------------------------+------------------------ Reporter: elwell | Owner: webmaster Type: bug | Status: new Priority: trivial | Milestone: Component: Web Content | Version: Severity: Normal | Resolution: Keywords: yubikey | -------------------------+------------------------
Comment (by toshio):
If you (or someone else) is willing to work on this, let me know -- I'll fill you in on IRC with what I discovered so far. It'll be something of a backport as this has been fixed in the flash() implementation in TurboGears2 but TG2's flash() is based on pylons so it's very different from TG1. I just don't have the time to work on the code for this at the moment.
websites@lists.fedoraproject.org
-
fedora-badges