Add framework for RFC-6238: Time-Based One Time Password Algorithm.

This provides a system for two-factor authentication, using a compliant
OTP-generator such as Google Authenticator. The framework includes a
validator for use on API calls needing authentication as well as a UI
for provisioning/resetting your secret key. A secure cookie may be
generated to effectively turn the user's browser into a temporary
authentication factor.

This feature is currently limited to admins only until full-site SSL is
available.

Neil Williams
2012-07-22 13:57:45 -07:00
parent 529df1b13b
commit 8dfd73b195
16 changed files with 421 additions and 4 deletions

@@ -110,6 +110,8 @@ https_endpoint =
login_cookie = reddit_session
# name of the admin cookie
admin_cookie = reddit_admin
# name of the otp cookie
otp_cookie = reddit_otp
# the work factor for bcrypt, increment this every time computers double in
# speed. don't worry, changing this won't break old passwords
bcrypt_work_factor = 12
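Review bot: The comment on the new `otp_cookie = reddit_otp` line says only that it is the name of the cookie, but per the commit message this cookie stands in for the second factor in the user's browser. Suggest expanding the comment to say so and to point at `OTP_COOKIE_TTL` as the setting that bounds its lifetime, so an operator reading the config knows it is more sensitive than an ordinary cookie name. Since the message also ties the feature to SSL availability, it would help to state here whether the cookie is expected to be set only over `https_endpoint`.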
@@ -409,6 +411,8 @@ min_membership_create_community = 30
ADMIN_COOKIE_TTL = 32400
# the maximum amount of idle time for an admin cookie (seconds)
ADMIN_COOKIE_MAX_IDLE = 900
# the maximum life of an otp cookie
OTP_COOKIE_TTL = 604800
# min amount of karma to edit
WIKI_KARMA = 100
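Review bot: `OTP_COOKIE_TTL = 604800` has no unit in its comment, while the `ADMIN_COOKIE_MAX_IDLE` comment just above spells out "(seconds)"; please add it, and consider stating that the value is 7 days. That is much longer than `ADMIN_COOKIE_TTL = 32400` (9 hours), and this hunk adds no idle limit for the otp cookie comparable to `ADMIN_COOKIE_MAX_IDLE = 900`, so a browser left unused would remain a valid factor for the full week. Either add an idle bound or a comment saying the long lifetime is intentional.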