Closed: victorlap closed this 4 years ago
Thanks. Since it's a very variable thing, a Cache could be better.
I will consider this as a security problem, because an attacker could spy on the code and use it again. I will take down the package from Packagist until this is resolved.
I resolved it locally. Basically, a trait initializes the cache and then saves the code until the time it expires.
Need more testing, but I plan to release it this week.
Fixed in #2
I am impressed by the speedy resolution!🙌
Thanks. Any new idea hit the issues.
First and foremost, I would like to thank you for creating such a nice project. I want to implement this in an app but stumbled across the following piece in the TOTP RFC:
Maybe it is feasible to cache the usage of a token and only allow the first submission to pass through?
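The replay protection discussed in this thread, as an added example that is not part of the thread and not the package's own code: a verifier that lets a TOTP code pass only on its first submission. The names `totpAt`, `ReplayGuard` and `verifyOnce` are hypothetical, the in-memory array stands in for a shared cache, and it stores the accepted time step rather than the code itself.

```php
<?php
/** RFC 6238 TOTP (HMAC-SHA1, 6 digits) for one time-step counter. */
function totpAt(string $secret, int $counter): string
{
    $hash   = hash_hmac('sha1', pack('J', $counter), $secret, true);
    $offset = ord($hash[19]) & 0x0f;                       // dynamic truncation
    $bin    = unpack('N', substr($hash, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($bin % 1000000), 6, '0', STR_PAD_LEFT);
}

/** Hypothetical guard: remembers the last accepted time step per user. */
final class ReplayGuard
{
    /** @var array<string,int> user id => last accepted step (assumed cache stand-in) */
    private array $lastStep = [];

    public function verifyOnce(string $user, string $secret, string $code,
                               int $now, int $period = 30, int $window = 1): bool
    {
        $current = intdiv($now, $period);
        for ($step = $current - $window; $step <= $current + $window; $step++) {
            if (!hash_equals(totpAt($secret, $step), $code)) {
                continue;
            }
            // A correct code is still refused if its step, or a later one,
            // was already accepted for this user.
            if (isset($this->lastStep[$user]) && $step <= $this->lastStep[$user]) {
                return false;
            }
            $this->lastStep[$user] = $step;
            return true;
        }
        return false;
    }
}

// Constructed sample: RFC 6238 test secret and a fixed clock.
$guard  = new ReplayGuard();
$secret = '12345678901234567890';
$code   = totpAt($secret, intdiv(59, 30));
var_dump($guard->verifyOnce('alice', $secret, $code, 59));               // first submission
var_dump($guard->verifyOnce('alice', $secret, $code, 64));               // same code replayed
var_dump($guard->verifyOnce('alice', $secret, totpAt($secret, 2), 64));  // code for the next step
```

With a real shared cache the check and the write have to be a single atomic operation, otherwise two concurrent submissions of the same code can both pass.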