search

RobThree / TwoFactorAuth.Net

.Net library for Two Factor Authentication (TFA / 2FA)
MIT License
338 stars 59 forks source link

VerifyCode(secret, code, n, out slice) returns invalid timeslice value #5

Closed lellis1936 closed 6 years ago

lellis1936 commented 6 years ago

The new methods are working great for my application, but there seems to be a bug. I am getting slice values that are separated by as little as 6 seconds, and they are not multiples of 30 seconds. Here is some code:

 for (; ; )
            {
                Console.Write("Enter the Google code: ");
                string code = Console.ReadLine();
                if (code == "")
                    break;

                if (tfa.VerifyCode(secret, code, 2, out slice))
                {
                    if (slice <= lastMatchingTimeSlice)
                        Console.WriteLine("Code is valid, but you already used it");
                    else
                    {
                        Console.WriteLine("Valid code!");
                        lastMatchingTimeSlice = slice;
                    }
                }
                else
                    Console.WriteLine("Invalid code");

                Console.WriteLine();
            }

I assume the timeslice value is supposed to be a unix timestamp rounded down to the previous 30 second boundary, and that it represents the timeslice associated with the matched code.

But I see the following values on one iteration:

slice = 1528241471
lastMatchingTimeslice = 1528241465

Is this a bug? What I am seeing is that my code fails to detect code reuse if the same code is entered twice.

RobThree commented 6 years ago

Can you show the code where you create the tfa object? Are you sure the period isn't set to 6 seconds?

RobThree commented 6 years ago

DAMNED... rushed it too hard. There's a bug indeed... instead of timeslices it returns timestamps. I'll see what I can do.

RobThree commented 6 years ago

Must've been too tired from coding all day. It now returns a timeslice instead of a timestamp.

Update your nuget package and it should be fine. 1.3.3 (may take a few minutes before it's available). I unlisted 1.3.2.

lellis1936 commented 6 years ago

Yes, all is well now. Thank you. Your library is elegant and simple indeed. Love the sample program, too to get a programmer up-to-speed. So happy to be able to switch now off our home-brewed solution.