Still regularly forced to reauthorize

andersespedalen commented 10 months ago

Issue #32 was closed, but this is still a problem. @dumithsalinda

I am forced to reauthorize quite often during the day, even though I have no reauthorize_urls defined and the reauthorize_timeout is set to 10080 which is a week

     //  ./config/nova-two-factor.php
    'reauthorize_urls' => [
        // 'nova/resources/users/new',
        // 'nova/resources/users/*/edit',
    ],

    /* timeout in minutes */
    'reauthorize_timeout' => 10080,

ricardo-lobo commented 8 months ago

I have the same issue. Users complaint that they have to put the code several times every day.

mstaack commented 5 months ago

@lahirulhr please reopen this. i am having the same issue.

?

the middleware checks for the timestamp in the session, which is not present, so default is used:

public static function promptEnabled(Request $request)
    {

        $timeout = config('nova-two-factor.reauthorize_timeout', 5);

        $promptFor = config('nova-two-factor.reauthorize_urls', []);

        $hasUrl = $request->is($promptFor);

        $lastAttempt = session()->get('2fa.prompt_at', now()->subMinutes($timeout + 1));

        if ($lastAttempt->diffInMinutes(now()) > $timeout && $hasUrl) {
            return true;
        }

        return false;
    }

lahirulhr commented 5 months ago

@mstaack Thanks for pointing out the exact issue. i'm going to apply a fix for it.

mstaack commented 5 months ago

still having the issue, even on the latest release. need to verify on a daily basis...

will investigate soon

Visanduma / nova-two-factor

Still regularly forced to reauthorize #47