Closed sahilchopra closed 3 years ago
Did you re-bind this user's authenticator with the new secret key?
Hey everyone! Is this still an issue? Or can we close it?
Hey @pedrofurtado Seems it is! I have a bunch of customers having this same problem (but many other customers got the match to enable 2FA)! I did this:
User.find_each { |user| user.update_column(:otp_secret_key, User.otp_random_secret) }
Seems this User.otp_random_secret generates the same pattern as ROTP::Base32.random_base32
Also I did some investigation and it seems there's some delay with Google Authenticator (i.e. the user.otp_code is different from the Google Authenticator app, but the same after a bunch of seconds), and increasing drift for user.authenticate_otp doesn't work.
Could someone help me? I'm allowing users to operate the system without 2FA because of that error.
Hi @diegopolido ! Thanks for feedback 🤝
Could you confirm if this occurs with you in latest stable version (v2.1.1 at this moment)? If so, maybe we can help in a more assertive way with a minimalistic reproducible repo, what do you think?
Because here we have been using active_model_otp for a long time, and we never faced that issue. So, the mini-repo can help us to catch the root cause 🕵️ 🔍
Anyway, when we regenerate the otp_secret_key for a specific User, we must re-bind the new QR code again with the authenticator app, to keep them (authenticator app + backend) in sync 👍
Regenerating the otp secret key, without rebinding the QR code (which will be different from the previously used one) in the authenticator app, will invalidate all attempts to 2FA in your application.
I don't know if it's related to this issue, but this is an important note to be careful about 🍻
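To make both points in this thread concrete (the clock drift between the app and the backend raised above, and the re-bind requirement in the comment just before this), here is an added example that is not code from active_model_otp, ROTP or anyone in this thread: a stdlib-only Ruby implementation of RFC 6238 TOTP with a verification drift window. It uses the RFC 6238 reference seed, a fixed timestamp constructed for the demo, and a hypothetical account/issuer pair for the otpauth URI; `random_base32` mirrors the shape of `ROTP::Base32.random_base32` but is this example's own helper.

```ruby
# Added example (not active_model_otp's or ROTP's own code): a minimal RFC 6238
# TOTP on the Ruby stdlib, used to show (1) why a regenerated otp_secret_key must
# be re-bound in the authenticator app and (2) how a drift window tolerates clock
# skew between the app and the backend, and why widening it is not free.
require "openssl"
require "securerandom"

BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".freeze

# Decode a (padded or unpadded) RFC 4648 Base32 string into raw key bytes.
def base32_decode(str)
  bits = str.upcase.delete("=").each_char.map do |c|
    idx = BASE32_ALPHABET.index(c)
    raise ArgumentError, "invalid Base32 character #{c.inspect}" unless idx
    idx.to_s(2).rjust(5, "0")
  end.join
  bits[0, bits.size - bits.size % 8].scan(/.{8}/).map { |b| b.to_i(2) }.pack("C*")
end

# Same shape as ROTP::Base32.random_base32 / User.otp_random_secret (32 chars);
# this is the example's own helper, not the gem's.
def random_base32(length = 32)
  Array.new(length) { BASE32_ALPHABET[SecureRandom.random_number(32)] }.join
end

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
def hotp(secret_bytes, counter, digits: 6)
  hmac = OpenSSL::HMAC.digest("SHA1", secret_bytes, [counter].pack("Q>")).bytes
  offset = hmac.last & 0x0f
  code = ((hmac[offset] & 0x7f) << 24) | (hmac[offset + 1] << 16) |
         (hmac[offset + 2] << 8) | hmac[offset + 3]
  (code % 10**digits).to_s.rjust(digits, "0")
end

# RFC 6238 TOTP: the counter is the number of 30-second steps since the Unix epoch.
def totp(base32_secret, time: Time.now.to_i, interval: 30, digits: 6)
  hotp(base32_decode(base32_secret), time / interval, digits: digits)
end

# Accept the code for the current step and +/- `drift` neighbouring steps.
# drift: 0 is strict; every extra step widens the accepted window by 30 s on each side.
def verify_totp(base32_secret, code, time: Time.now.to_i, interval: 30, drift: 0)
  (-drift..drift).any? do |step|
    totp(base32_secret, time: time + step * interval, interval: interval) == code
  end
end

# Key URI (otpauth://) that the authenticator app scans as a QR code. Rotating the
# secret without re-enrolling this URI leaves the app generating codes from the old one.
def provisioning_uri(base32_secret, account:, issuer:)
  "otpauth://totp/#{issuer}:#{account}?secret=#{base32_secret}&issuer=#{issuer}"
end

if __FILE__ == $0
  t = 1_111_111_140                        # fixed server time, constructed for the demo
  old_secret = random_base32
  new_secret = random_base32               # what update_column(:otp_secret_key, ...) stores
  app_code = totp(old_secret, time: t)     # app still enrolled with the old QR code
  puts "after rotation, old-app code accepted? #{verify_totp(new_secret, app_code, time: t)}"
  puts "re-enrol with: #{provisioning_uri(new_secret, account: 'alice@example.com', issuer: 'Demo')}"
  # phone clock 60 s behind the backend: two steps off, so drift 1 is not enough
  late_code = totp(new_secret, time: t - 60)
  puts "60 s behind, drift 1: #{verify_totp(new_secret, late_code, time: t, drift: 1)}"
  puts "60 s behind, drift 2: #{verify_totp(new_secret, late_code, time: t, drift: 2)}"
end
```

The first check shows the re-bind point: once `otp_secret_key` has been overwritten, a code from an app still enrolled with the old secret fails (barring a 1-in-10^6 chance collision) until the user scans the new otpauth URI. The second shows the drift point: a phone 60 seconds behind the server is two steps off, so `drift: 1` rejects it and `drift: 2` accepts it; each extra step also accepts an older code for 30 seconds longer, so fixing the phone's clock (or NTP on the server) is the better fix than raising drift.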
Yeah... I told the client to delete the old codes from the app and then read the code again. Didn't work.
Reference for guys with this problem of delay (clock time) between Google Auth app and backend: https://github.com/heapsource/active_model_otp/issues/46#issuecomment-815852023
Feel free to reopen this issue if the link above didn't work for your scenario 🤝
After updating otp_secret_key to ROTP::Base32.random_base32, OTP doesn't match with Google Authenticator OTP