Switch back to the default SHA1 algorithm.

Apparently Microsoft Authenticator does not support the SHA256 or SHA512 algorithms.
openwebwork · Mar 16, 2024 · 0f25704 · 0f25704
1 parent 334557c
commit 0f25704
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/lib/WeBWorK/Utils/TOTP.pm b/lib/WeBWorK/Utils/TOTP.pm
@@ -17,10 +17,10 @@ sub new {
 		@$self{ keys %$options } = values %$options;
 	}
 
-	$self->{digits}    = 6        unless $self->{digits}            && $self->{digits}    =~ m/^[678]$/;
-	$self->{period}    = 30       unless $self->{period}            && $self->{period}    =~ m/^[36]0$/;
-	$self->{algorithm} = 'SHA512' unless $self->{algorithm}         && $self->{algorithm} =~ m/^SHA(1|256|512)$/;
-	$self->{tolerance} = 0        unless defined $self->{tolerance} && $self->{tolerance} =~ m/^\d+$/;
+	$self->{digits}    = 6      unless $self->{digits}            && $self->{digits}    =~ m/^[678]$/;
+	$self->{period}    = 30     unless $self->{period}            && $self->{period}    =~ m/^[36]0$/;
+	$self->{algorithm} = 'SHA1' unless $self->{algorithm}         && $self->{algorithm} =~ m/^SHA(1|256|512)$/;
+	$self->{tolerance} = 0      unless defined $self->{tolerance} && $self->{tolerance} =~ m/^\d+$/;
 
 	$self->{secret} = $self->gen_secret($self->{algorithm} eq 'SHA512' ? 64 : $self->{algorithm} eq 'SHA256' ? 32 : 20)
 		unless $self->{secret};