Comments (5)
@jhoff maybe this is related to your problem too, isn't it?
See: #158
from google2fa.
The $timestamp variable is actually the timestamp divided by the key regeneration, so you would need to use the following code.
    $keyRegen = 30; // 30 is the default key regeneration period, in seconds
    // verifyKeyNewer() expects the last-used counter (seconds / key regeneration), not raw seconds
    $timestamp = Google2FA::verifyKeyNewer(
        Auth::user()->totp_secret,
        $request->otp_code,
        (int) floor(Auth::user()->last_login / $keyRegen),
        1
    );
    if ($timestamp !== false) {
        // Here $timestamp is already divided by the key regeneration, so if you want to parse it as a Unix timestamp, remember to multiply $timestamp by $keyRegen first
        dd("valid");
    } else {
        dd("invalid");
    }
My solution (Laravel 8):
User Model Field: two_factor_time (timestamp default null)
2Fa Middleware:
    // Redirect to the 2FA route unless BOTH the session timestamp and the DB timestamp are set
    if (!session()->get('google2fa.otp_timestamp') || !auth()->user()->two_factor_time) {
        // redirect to 2fa route;
    }
    return $next($request);
2Fa Controller (show view):
    if (session()->get('google2fa.otp_timestamp') && auth()->user()->two_factor_time) {
        // redirect to logged-in area
    }
    return view('2fa');
2Fa Controller (send/validate token):
    $twoFactor = new Google2FA();
    $user = User::find(auth()->user()->id);
    $request->validate([
        'token' => ['required', 'digits:6',
            function ($attribute, $value, $fail) use ($twoFactor, $user) {
                // verifyKeyNewer() wants the last-used 30-second counter, not raw seconds;
                // a null two_factor_time (no token accepted yet) becomes counter 0
                $lastCheck = $user->two_factor_time ? intdiv(strtotime($user->two_factor_time), 30) : 0;
                $timestamp = $twoFactor->verifyKeyNewer($user->two_factor_secret, $value, $lastCheck);
                if ($timestamp === false) {
                    $fail('Invalid or expired Token');
                } else {
                    // Remember when this token was accepted so the same token cannot be replayed
                    $now = \Carbon\Carbon::now();
                    session()->put('google2fa.otp_timestamp', $now->toDateTimeString());
                    $user->update(['two_factor_time' => $now]);
                }
            }],
    ]);
    // redirect user to secure area
I used a timestamp in the session and in the database to validate tokens already used before, because when logging out the session is destroyed, which would prevent the validation of tokens already used.
This way, if the DB field or the session field is null (or both), the middleware redirects the user to the 2FA page. Both the DB and the session timestamp fields must be defined for the user to access the secure area.
@zortje @rubensrocha I have tried dividing the Unix timestamp by 30 as described in your post, but the package still claims the code is incorrect. It simply doesn't accept any OTPs, neither new nor old.
I have verified that the old timestamp value is accurate (and there are no timezone issues). Could you advise how you got this working, as I am not having much luck?
@imran0 it is as @rubensrocha and @zortje said.
You must divide the timestamp by 30. But if you change the key regeneration you must use another number.
The best way to get the actual number is to use this:
    $timeDiv = $this->google2fa->getKeyRegeneration();
And then, when you use
    // the stored last-use value is a Unix timestamp in seconds; verifyKeyNewer() wants it as a counter
    $valid2Fa = $this->google2fa->verifyKeyNewer($user->google2fa_secret, $key, (int) floor($user->google2fa_last_use / $timeDiv), $window);
it should work.
I don't know what your timestamp format looks like, but I use Carbon::now()->timestamp, which gives me seconds since the Unix Epoch (1643290902), and it works.
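A worked model of the replay check this whole thread is about, added here as an example and not part of google2fa or of any comment above: a small Python re-implementation of the verifyKeyNewer() rule (HMAC-SHA1 TOTP with a 30-second step) showing why the stored "old timestamp" must be the 30-second counter and what happens when raw Unix seconds are passed instead. The secret and the timestamps are constructed.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # key regeneration period in seconds (google2fa's default)


def totp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, as google2fa uses by default) for one time-step counter."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def verify_key_newer(secret_b32, code, old_counter, window=1, now_counter=None):
    """Same rule as google2fa's verifyKeyNewer(): the code must match a counter inside
    [now - window, now + window] that is also strictly newer than old_counter.
    Returns the accepted counter (store it, or counter * STEP as seconds) or None."""
    if now_counter is None:
        now_counter = int(time.time()) // STEP
    start = max(now_counter - window, old_counter + 1)
    for c in range(start, now_counter + window + 1):
        if hmac.compare_digest(totp(secret_b32, c), code):
            return c
    return None


def replay_scenario():
    """Constructed walk-through of the three cases discussed in the thread."""
    secret = "JBSWY3DPEHPK3PXP"        # constructed demo secret, not a real one
    now_seconds = 1643290902            # the Unix time quoted in the thread
    now_counter = now_seconds // STEP   # what Carbon::now()->timestamp / 30 yields
    last_counter = now_counter - 5      # a login accepted a few steps earlier
    code = totp(secret, now_counter)
    accepted = verify_key_newer(secret, code, last_counter, 1, now_counter)
    # Same code presented again: old_counter now equals its counter, so it is rejected
    replayed = verify_key_newer(secret, code, accepted, 1, now_counter)
    # Raw seconds passed instead of the counter (the mistake in the @imran0 comment):
    # start = old + 1 lies far beyond now + window, so every code is rejected
    wrong_units = verify_key_newer(secret, code, now_seconds - 150, 1, now_counter)
    return accepted, replayed, wrong_units
```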