antonioribeiro / google2fa-laravel

A One Time Password Authentication package, compatible with Google Authenticator for Laravel
MIT License
925 stars 181 forks

middleware not working #121

Open w99910 opened 4 years ago

w99910 commented 4 years ago

Hi, I'm also facing the issue that the middleware is not working. Even though I haven't signed in, the following route works:

Route::get('/test_middleware', function () { dd('hello'); })->middleware('2fa');

In Kernel.php:

protected $routeMiddleware = [ '2fa' => \PragmaRX\Google2FALaravel\Middleware::class, ];

I also configured 'view' => 'auth.2fa_verify', in google2fa.php. I have the 2fa_verify view in views\auth\.

Also, I ran dd($authenticator->isAuthenticated()); and it returns true. HELP ME T_T. I've been stuck here for two days.

w99910 commented 4 years ago

I'm using "bacon/bacon-qr-code": "^1.0.3", "laravel/framework": "^8.0.3", "pragmarx/google2fa-laravel": "^1.3",

Sindious commented 4 years ago

Do you have a column to store the google2fa_secret, and is it set?

I used a model TwoFA so I can link who has it enabled.

TwoFA.php model

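<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class TwoFA extends Model
{
    // Keep the TOTP secret out of array/JSON serialization of the model.
    protected $hidden = [
        'google2fa_secret',
    ];

    // The user this secret belongs to.
    public function TwoFA()
    {
        return $this->belongsTo('App\User');
    }
}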

TwoFA migration table

public function up()
{
    Schema::create('two_f_a_s', function (Blueprint $table) {
        $table->id();
        $table->string('user_id');
        $table->string('google2fa_secret');
        $table->timestamps();
    });
}

You can change the google2fa_secret column in the 2FA config file config\google2fa.php; look for otp_secret_column and change the names.

User.php model: add this relation

public function TwoFA()
{
    return $this->hasOne('App\TwoFA');
}

How I create users for testing, in database\seeds\DatabaseSeeder.php

// imports needed at the top of DatabaseSeeder.php
use Illuminate\Support\Str;
use PragmaRX\Google2FA\Google2FA;

// creating a new user
$user = new \App\User;

$user->name = "admin";
$user->email = 'admin@admin';
$user->email_verified_at = now();
$user->password = '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi'; // bcrypt hash of "password"
$user->remember_token = Str::random(10);

$user->save();

// creating a new secret and linking it to the user
$TwoFA = new \App\TwoFA;
$google2fa = new Google2FA();
$TwoFA->google2fa_secret = $google2fa->generateSecretKey();
$user->TwoFA()->save($TwoFA);

You can use the Google Authenticator app on your phone and manually add the secret to test it. Hope it helps.

DeBelserArne commented 4 years ago

It seems I have been running into this lately. My tests started failing, and after some digging it seemed that the OTP check never fails and just succeeds, even if the user has not OTP'ed yet.
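
A feature test that would make the behaviour reported in this thread visible, added here as an example and not code from any commenter or from the package. It assumes the secret is stored in a google2fa_secret column on the users table and that the configured OTP view exists; the test class name and e-mail address are hypothetical.

```php
<?php

namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Route;
use PragmaRX\Google2FA\Google2FA;
use Tests\TestCase;

class TwoFactorMiddlewareTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp(): void
    {
        parent::setUp();

        // Probe route registered only for this test. 'auth' runs before
        // '2fa', so a guest is stopped before the OTP check is reached.
        Route::get('/test_middleware', function () {
            return 'hello';
        })->middleware(['web', 'auth', '2fa']);
    }

    public function test_guest_is_rejected(): void
    {
        // JSON request so the auth middleware answers 401 instead of
        // redirecting to a login route.
        $this->getJson('/test_middleware')->assertUnauthorized();
    }

    public function test_user_without_otp_does_not_reach_route(): void
    {
        // Assumption: the secret lives on the users table, in the column
        // named by otp_secret_column (google2fa_secret here).
        $user = new \App\User;
        $user->name = 'admin';
        $user->email = 'admin@example.test'; // constructed sample value
        $user->password = bcrypt('password');
        $user->google2fa_secret = (new Google2FA())->generateSecretKey();
        $user->save();

        // Logged in, but no one-time password entered in this session:
        // the route body must not be served.
        $response = $this->actingAs($user)->get('/test_middleware');
        $response->assertDontSee('hello');
    }
}
```

If the second test fails, the OTP check is being passed without a code for a user who has a secret, which is the symptom described above.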