Open ShaneMcC opened 5 years ago
Looks like #55 also fixed the verifyCode()
issue, didn't see it before I did this.
Good idea, but I think this would be better if it was handled in the same way as code length, for consistency (and also for ease-of-use).
Also, it might be sensible to validate the algorithm string, to avoid errors and potential URL-injection attacks.
RFC 6238 (https://tools.ietf.org/html/rfc6238) states:
This PR adds support for that.
I've also added additional tests to
codeProvider()
based on the code and output of the sample code in the RFC to validate the changes.As a side effect of implementing the above, I've also fixed the case where if you change the
_codeLength
,verifyCode()
always returned false for any value other than6
, and added some boilerplate at the top ofGoogleAuthenticatorTest.php
to make the tests run under phpunit 6+