safe_devices does not remember device

Laragear / TwoFactor

Two-Factor Authentication for all your users out-of-the-box.

https://github.com/sponsors/DarkGhostHunter

MIT License

273 stars 20 forks source link

safe_devices does not remember device #37

Closed michelterstege81 closed 1 year ago

michelterstege81 commented 1 year ago

PHP & Platform

8.1.6 & Windows (localhost)

Database

mysqlnd 8.1.6

Laravel version

9.43.0

Have you done this?

[X] I have checked my logs and I'm sure is a bug in this package.
[X] I can reproduce this bug in isolation (vanilla Laravel install)
[ ] I can suggest a workaround as a Pull Request

Expectation

2FA code not requested on next login on same device when safe_devices enabled = true.

Description

2FA code is requested on every login on the same device.

Column safe_devices stays on value null.

No additional browser cookie stored (2 cookies in use: session and csrf)

Reproduction

'safe_devices' => [
        'enabled'         => true,
        'cookie'          => '_2fa_remember',
        'max_devices'     => 3,
        'expiration_days' => 14,
    ],

Stack trace & logs

No response

michelterstege81 commented 1 year ago

wantsToAddDevice() returns false. I'm using the default view that comes with the package for the 2FA challenge.

wantsToAddDevice() checks for $this->request->filled('safe_device'), which is not in the request, since the view does not contain that field in the form.

Maybe this is just a documentation issue. I guess this only works when creating a custom view that uses a safe_device field.

DarkGhostHunter commented 1 year ago

Indeed, wantsToAddDevice() checks if the request contains safe_device and is not empty.

It could be added to the view if the safe_devices config is true, and hide it when it's disabled. Since I'm hands full right now, not on top of my list, but you're welcome to make a PR.

Waleedviews commented 1 year ago

@DarkGhostHunter i have exactly the same issue, how could i turn it on? i have added safe_device as a checkbox and is showing as on when i click on checkbox however it still shows safe_devices as a null, may be i am doing something wrong.

DarkGhostHunter commented 1 year ago

Edit the included view file Italo Baeza C.El 07-03-2023, a la(s) 17:43, Waleed Afridi @.***> escribió: @DarkGhostHunter i have exactly the same issue, how could i turn it on?

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

Waleedviews commented 1 year ago

@DarkGhostHunter could you please elaborate this?

DarkGhostHunter commented 1 year ago

Publish the view and edit the form.

Waleedviews commented 1 year ago

i already publish the view called confirm.blade.php, i have edit the form

<input id="safe_device" type="checkbox" class="border border-gray-300 name="safe_device" />
<label for="safe_device"> I trust this device. Don't ask for codes for 14 days. </label>

but nothing happened, it doesn't store the safe_devices data.

Waleedviews commented 1 year ago

@DarkGhostHunter checking to see if you have any update on this? thank you.

DarkGhostHunter commented 1 year ago

@DarkGhostHunter checking to see if you have any update on this? thank you.

Hands full. PR welcomed.

AlexisSerneels commented 1 year ago

Here is the correct code you need to use:

<input id="safe_device" type="checkbox" value="1" class="border border-gray-300" name="safe_device" />
                <label for="safe_device"> I trust this device. Don't ask for codes for 14 days. </label>

You were missing the value and the class attribute was not closed.

Waleedviews commented 1 year ago

@AlexisSerneels i try this and it doesn't work, i am sure there's some issue with the code, i haven't check the package code yet, is it working with you?