mirror of https://github.com/ppy/osu.git synced 2026-05-18 00:00:40 +08:00
3 Commits

  • Fix incorrect handling of user verification failure response (#35629)
    `VerificationFailureResponse.RequiredSessionVerificationMethod` not
    being nullable means that if it was missing in the verification
    response, it would not be `null` but default to `TimedOneTimePassword`
    instead, therefore showing TOTP-related error messages to users that
    never enabled it rather than the user-facing message they were supposed
    to.
    
    Most easily tested on a local full-stack environment with
    
    ```diff
    diff --git a/app/Libraries/SessionVerification/MailState.php b/app/Libraries/SessionVerification/MailState.php
    index 305a2794ec0..3c2d15f335b 100644
    --- a/app/Libraries/SessionVerification/MailState.php
    +++ b/app/Libraries/SessionVerification/MailState.php
    @@ -14,7 +14,7 @@ use Carbon\CarbonImmutable;
    
     class MailState
     {
    -    private const KEY_VALID_DURATION = 600;
    +    private const KEY_VALID_DURATION = 10;
    
         public readonly CarbonImmutable $expiresAt;
         public readonly string $key;
    ```
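    
    Review bot: `KEY_VALID_DURATION` on the changed line carries no unit, so `600` versus `10` is only readable as seconds by cross-checking against the "10 minutes" in the message; a `_SECONDS` suffix or a one-line comment on the constant would make that explicit. Since this edit is meant purely as a local testing aid, reading the duration from a config or environment value with 600 as the default would let the expiry path be exercised without modifying the source, and would remove the chance of a 10-second verification key lifetime being committed by accident.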
    
    applied so that you don't have to wait 10 minutes to trigger the
    failure.