DarkGhostHunter / Laraguard

On-premises 2FA Authentication for all your users out-of-the-box
MIT License

Bug on Recovery Code in Login #72

Closed aeq-dev closed 2 years ago

aeq-dev commented 2 years ago

Hello, I've just detected a bug when we use a recovery code in login instead of TOTP. The reason is the validation rule here:

    protected function requestHasCode(): bool
    {
        return !validator($this->request->only($this->input), [
            $this->input => 'required|numeric',
        ])->fails();
    }

You need to remove 'numeric' to get true for a recovery code. Regards

DarkGhostHunter commented 2 years ago

Could you send a PR? Kinda busy.

DarkGhostHunter commented 2 years ago

This fix was simple: I changed numeric for alpha_num.

TOTP Codes are entirely numeric. Recovery Codes are alphanumeric. In any case, you can change the Recovery Code generation in your model by overriding the generateRecoveryCodes() method.
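
An added example, not part of the thread or of Laraguard's code: plain-PHP stand-ins for the `numeric` and `alpha_num` rules discussed above, run over constructed inputs, next to a hypothetical stricter check. The stand-ins approximate Laravel's rules; the function names and the 6-digit and 8-character lengths are assumptions.

```php
<?php
// Added example: approximations of the two validation rules, not Laravel's own code.

// Stand-in for the `numeric` rule (PHP's is_numeric semantics).
function passesNumeric(string $value): bool
{
    return is_numeric($value);
}

// Stand-in for the `alpha_num` rule: Unicode letters, marks and digits only.
function passesAlphaNum(string $value): bool
{
    return preg_match('/^[\pL\pM\pN]+$/u', $value) === 1;
}

// Hypothetical stricter check: ASCII only, fixed lengths.
// Both lengths are assumptions; set them to match your own code generation.
function passesStrict(string $value, int $totpDigits = 6, int $recoveryLength = 8): bool
{
    return preg_match('/^\d{' . $totpDigits . '}$/D', $value) === 1
        || preg_match('/^[A-Za-z0-9]{' . $recoveryLength . '}$/D', $value) === 1;
}

// Constructed sample inputs (pairs, so numeric strings are not cast to int keys).
$samples = [
    ['123456',   'TOTP code'],
    ['A1B2C3D4', 'recovery code'],
    ['1e5',      'scientific notation'],
    ['-12.5',    'signed decimal'],
    ['AB-12',    'contains punctuation'],
];

printf("%-10s %-22s %-8s %-10s %s\n", 'input', 'kind', 'numeric', 'alpha_num', 'strict');
foreach ($samples as [$input, $kind]) {
    printf(
        "%-10s %-22s %-8s %-10s %s\n",
        $input,
        $kind,
        passesNumeric($input) ? 'pass' : 'fail',
        passesAlphaNum($input) ? 'pass' : 'fail',
        passesStrict($input) ? 'pass' : 'fail'
    );
}
```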