heapsource / active_model_otp

Adds methods to set and authenticate against one time passwords (Two-Factor Authentication). Inspired by AM::SecurePassword
MIT License

Google Authenticator not working #46

Closed hkairi closed 3 years ago

hkairi commented 5 years ago

Hello

After the last update ... OTP codes generated by the Google Authenticator app don't work.

The OTP codes generated by "user.otp_code" work well

(Everything was working fine before the gem update.)

rickpr commented 5 years ago

Which version of rotp are you using? The latest update works for me if I use rotp 4.0.2, but not rotp 3.3.1.

hkairi commented 5 years ago

I am using "rotp 4.0.2".

hkairi commented 5 years ago

https://www.driftingruby.com/episodes/two-factor-authentication

This was working before the update. Today it does not work

rickpr commented 5 years ago

Ah, I thought perhaps you referred to the current version from GitHub.

The DriftingRuby episode uses the released version 1.2.0. The released version is compatible with rotp 3.3.1, and not 4.0.2.

Try adding to the Gemfile

gem 'rotp', '= 3.3.1'

Then run bundle update. This makes it work for me.

hkairi commented 5 years ago

Hello,

I am using both versions ...

Today I fixed the version of rotp to '3.3.1' and I have this error:

undefined method `to_i' for {:drift_behind=>60}:Hash Did you mean? to_s to_a to_h

jeanpauldejong commented 5 years ago

I've had to go back to 3.3.1 as well to make this work again.

hkairi commented 5 years ago

What period of time do you use to make it work?

pedrofurtado commented 3 years ago

Hi everyone! 👋

Is this still an issue?

diegopolido commented 3 years ago

Hey guys, how is it going? I figured out what happened with my customers. I was commenting on this issue before, but it seems it's more related to this. I realized that my customers couldn't enable their accounts because there is some delay between their Google Authenticator app and the application. I was digging until I found a workaround for me: I also added drift_ahead to my verification by overriding authenticate_otp to pass the drift_ahead arg to ROTP::TOTP#verify:

```ruby
ActiveModel::OneTimePassword::InstanceMethodsOnActivation.module_eval do
  def authenticate_otp(code, options = {})
    return true if backup_codes_enabled? && authenticate_backup_code(code)

    if otp_counter_based
      hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
      result = hotp.verify(code, otp_counter)
      if result && options[:auto_increment]
        self.otp_counter += 1
        save if respond_to?(:changed?) && !new_record?
      end
      result
    else
      totp = ROTP::TOTP.new(otp_column, digits: otp_digits)
      if drift = options[:drift]
        # accept codes from steps both behind and ahead of the server clock
        totp.verify(code, drift_behind: drift, drift_ahead: drift)
      else
        totp.verify(code)
      end
    end
  end
end
```

Maybe this solution is acceptable and could be considered to go to the main branch. What do you guys think?
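As an added example (not code from the gem or from anyone in this thread), here is a minimal RFC 6238 TOTP verifier with the drift_behind/drift_ahead window described above, built on the Ruby standard library so it runs without rotp; the secret, the timestamps and the 45-second phone clock skew are constructed.

```ruby
require 'openssl'

TOTP_STEP   = 30  # seconds per step (Google Authenticator default)
TOTP_DIGITS = 6

# HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
# dynamic truncation to a 31-bit integer reduced to `digits` decimal digits.
def hotp(secret, counter, digits = TOTP_DIGITS)
  hmac   = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>'))
  offset = hmac.getbyte(19) & 0x0f
  code   = (hmac[offset, 4].unpack1('N') & 0x7fffffff) % (10**digits)
  code.to_s.rjust(digits, '0')
end

# TOTP (RFC 6238): the counter is the number of whole steps since the epoch.
def totp_at(secret, time)
  hotp(secret, time.to_i / TOTP_STEP)
end

# Constant-time string compare, so a mismatch does not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify the way rotp 4's ROTP::TOTP#verify does: accept the code if it
# matches any step inside [now - drift_behind, now + drift_ahead].
# Returns the start of the matching step (useful for replay rejection) or nil.
def verify_totp(secret, code, now:, drift_behind: 0, drift_ahead: 0)
  first = (now.to_i - drift_behind) / TOTP_STEP
  last  = (now.to_i + drift_ahead) / TOTP_STEP
  (first..last).each do |step|
    return step * TOTP_STEP if secure_equal?(hotp(secret, step), code.to_s)
  end
  nil
end

# Constructed demo values: the phone's clock runs 45 s ahead of the server.
SECRET     = 'constructed-demo-secret-not-for-real-use'.freeze
SERVER_NOW = 1_700_000_010
PHONE_CODE = totp_at(SECRET, SERVER_NOW + 45)

if __FILE__ == $PROGRAM_NAME
  # drift_behind alone: the phone's code is one step ahead, so it is rejected (nil)
  p verify_totp(SECRET, PHONE_CODE, now: SERVER_NOW, drift_behind: 60)
  # drift_ahead added (the workaround above): the code is accepted
  p verify_totp(SECRET, PHONE_CODE, now: SERVER_NOW, drift_behind: 60, drift_ahead: 60)
end
```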

pedrofurtado commented 3 years ago

@diegopolido This delay, that you mentioned, is related to clock time in device (timezone or something else)?

diegopolido commented 3 years ago

@pedrofurtado could be

pedrofurtado commented 3 years ago

Feel free to open a PR with this suggestion, ok? 🤝 🍻 The issue was resolved by a workaround, so we are closing this for now.