antonioribeiro / google2fa-laravel

A One Time Password Authentication package, compatible with Google Authenticator for Laravel
MIT License
924 stars 181 forks

On some domains the QR code is generated, but the 6-digit code from the authenticator application cannot be verified #200

Open ajaytilala opened 2 weeks ago

ajaytilala commented 2 weeks ago

I set up my Laravel 10 project with PHP version 8.3 and installed "pragmarx/google2fa-laravel": "^2.2", "bacon/bacon-qr-code": "^3.0".

I have two domains. On the first domain it works fine, but on the second domain the QR code is generated, and when I scan it with the authenticator app and enter the 6-digit verification code, it is not verified: it shows an invalid code error each and every time. I refreshed and reloaded the page many times, but it still does not work.

Here is my code:

Route:

Route::any('/mfa/setup', [CommonController::class, 'mfaSetup'])->name('mfa.setup');

Action: (CommonController.php)


<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use PragmaRX\Google2FAQRCode\Google2FA;
use Carbon\Carbon;
use Session;

class CommonController extends Controller
{
    public function __construct() {

    }

    public function mfaSetup(Request $request)
    {
        $authUser = auth()->user();
        $google2fa = new Google2FA();

        // POST: verify the submitted code against the secret from the setup form.
        if($request->isMethod('post')) {
            $request->validate([
                'mfa_secret' => 'required|string',
                'digit_code' => 'required|string',
            ]);

            // verifyKey() compares the code with the value derived from the
            // server's current time, so the server clock must be accurate.
            $valid = $google2fa->verifyKey($request->mfa_secret, $request->digit_code);
            if ($valid) {
                $authUser = auth()->user();
                $authUser->mfa_secret = $request->mfa_secret;
                $authUser->is_mfa_enabled = 1;
                $authUser->save();

                Session::flash("success", "MFA is Enabled Successfully.");
                return redirect()->route('user.myProfile');
            }

            return redirect()->back()->with('error', 'Invalid MFA Verification code. Please try again.');
        }

        // GET: generate a new secret and render it as an inline QR code.
        $mfaSecret = $google2fa->generateSecretKey();
        $mfaQRCodeUrl = $google2fa->getQRCodeInline('TT Electronics', $authUser->username, $mfaSecret);

        return view('auth.mfa_setup', ['mfaQRCodeUrl' => $mfaQRCodeUrl, 'mfaSecret' => $mfaSecret]);
    }
}

Blade View : (auth/mfa_setup.blade.php)

<form method="POST" action="{{ route('mfa.setup') }}">
    @csrf        
    <input type="hidden" name="mfa_secret" value="{{ old('mfa_secret', $mfaSecret) }}">
    <img src="{{ $mfaQRCodeUrl }}" style="height: auto;">
    <input type="text" class="form-control" placeholder="6 Digit Code" name="digit_code" required>
    <button type="submit" class="btn btn-primary">Verify Code</button>
</form>

mfn commented 2 weeks ago

"time is of essence"

Did you verify the clock on the domain / server where it's not working is correct?

TechNov commented 1 week ago

I am facing the same issue.

In my dev env (Windows 11), OTP verification works fine. It works on my test server too (Ubuntu). But when I deployed it on my prod server (Ubuntu), the verifyKey function always returns FALSE. Do you have a solution, please?

TechNov commented 1 week ago

> "time is of essence"
>
> Did you verify the clock on the domain / server where it's not working is correct?

You saved me. Thanks a lot. I have been facing this for 1 month. My prod server was 2 minutes ahead. It works fine.
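
The failure mode identified in this thread, as an added example (not code from the issue or from the google2fa package): a self-contained RFC 6238 TOTP in PHP that generates a code at the phone's correct time, then searches for the step offset at which a server running 2 minutes ahead would match it. The secret, timestamps, function names and the one-step acceptance window are assumptions made for the illustration.

```php
<?php
// Added example: constructed secret and timestamps, hypothetical function names.

/** Decode an RFC 4648 base32 secret (assumes a valid, constructed input). */
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $bits .= str_pad(decbin(strpos($alphabet, $ch)), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) { // drop trailing padding bits
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

/** RFC 6238 TOTP (HMAC-SHA1, 6 digits) for one 30-second counter value. */
function totp(string $key, int $counter): string
{
    $hash = hash_hmac('sha1', pack('J', $counter), $key, true);
    $offset = ord($hash[19]) & 0x0F;
    $code = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($code % 1000000), 6, '0', STR_PAD_LEFT);
}

/** Step offset (nearest first, within +/- $search) at which $code matches, or null. */
function findStepOffset(string $key, string $code, int $serverTime, int $search = 10): ?int
{
    $counter = intdiv($serverTime, 30);
    for ($d = 0; $d <= $search; $d++) {
        foreach (array_unique([-$d, $d]) as $off) {
            if (hash_equals(totp($key, $counter + $off), $code)) {
                return $off;
            }
        }
    }
    return null;
}

$key        = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'); // constructed (RFC 6238 test key)
$phoneTime  = 1700000000;       // constructed: accurate clock on the phone
$serverTime = $phoneTime + 120; // server 2 minutes ahead, as reported in the thread
$code       = totp($key, intdiv($phoneTime, 30));
$offset     = findStepOffset($key, $code, $serverTime);
printf("code %s matches at step offset %d (%d s)\n", $code, $offset, $offset * 30);
printf("accepted with a 1-step window: %s\n", abs($offset) <= 1 ? 'yes' : 'no');
```

A non-zero offset that stays the same across several attempts points at the server clock rather than at the secret or the authenticator app.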