my $verify_short_lived_ticket = sub {
my ($ticket, $prefix, $username, $path, $noerr) = @_;
my $verify_short_lived_ticket = sub {
my ($ticket, $prefix, $username, $path, $noerr) = @_;
my $secret_data = "$username:$path";
my ($rsa_pub, $rsa_mtime) = get_pubkey();
my $secret_data = "$username:$path";
my ($rsa_pub, $rsa_mtime) = get_pubkey();
my ($type, $tfa_data) = user_get_tfa($username, $realm, 0);
if ($type) {
my ($type, $tfa_data) = user_get_tfa($username, $realm, 0);
if ($type) {
# Note that if the user did not manage to complete the initial u2f registration
# challenge we have a hash containing a 'challenge' entry in the user's tfa.cfg entry:
$tfa_data = undef if exists $tfa_data->{challenge};
# Note that if the user did not manage to complete the initial u2f registration
# challenge we have a hash containing a 'challenge' entry in the user's tfa.cfg entry:
$tfa_data = undef if exists $tfa_data->{challenge};