heapsource / active_model_otp

Adds methods to set and authenticate against one-time passwords (Two-Factor Authentication). Inspired by AM::SecurePassword
MIT License

authenticate_otp now returns timestamp or nil instead of boolean #57

Closed asehra closed 3 years ago

asehra commented 5 years ago

ROTP changed their implementation of verify to return a timestamp (e.g. 1561654770) when the OTP is valid and nil otherwise, instead of true or false. The README still says that authenticate_otp returns true or false.

Pahicz commented 5 years ago

Is it OK that I get 0 as the return value? I am using counter-based OTP.

mamaremere commented 4 years ago

@Pahicz, it seems that for counter-based OTP, ROTP returns the value of the counter instead of the timestamp. nil still means that the token is not verified. Here's the documentation from ROTP: https://github.com/mdp/rotp#counter-based-otps

kevinhq commented 4 years ago

We run into this problem too. Getting a timestamp or nil (when it should be false). Any update or workaround for this?

mamaremere commented 4 years ago

@kevinhq, this gem, active_model_otp, respects the response received from rotp, the gem that does all the heavy lifting:

For time-based tokens, rotp will return an integer timestamp for success or nil for failure.

For counter-based tokens, rotp will return the current count for success or nil for failure.

The docs on this gem should probably be updated, but I don't see much activity from the maintainer.

pedrofurtado commented 3 years ago

PR https://github.com/heapsource/active_model_otp/pull/85 merged 🎉
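
An added example, not part of the thread or of either gem: a Ruby stand-in that reproduces the Integer-or-nil contract described in the comments above using only stdlib OpenSSL (it does not call ROTP or active_model_otp). It shows that a valid counter of 0 is still truthy in Ruby, that `== true` checks written against the old README wording now fail, and one way to normalise the result. The helper names (`hotp`, `secure_equal?`, `verify_hotp`, `verify_totp`, `otp_valid?`) and the sample secret are assumptions made for this example.

```ruby
require 'openssl'

# Stand-in for ROTP (RFC 4226 HOTP over a raw secret); not ROTP's own code.
def hotp(secret, counter, digits = 6)
  mac = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>'))
  offset = mac.bytes.last & 0x0f
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, '0')
end

# Compare without exiting at the first differing byte.
def secure_equal?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Contract from the thread: the counter on success, nil on failure.
def verify_hotp(secret, otp, counter)
  secure_equal?(hotp(secret, counter), otp) ? counter : nil
end

# Contract from the thread: an integer timestamp on success, nil on failure.
# Returning the start of the matching 30 s step is this stand-in's choice.
def verify_totp(secret, otp, at:, interval: 30)
  step = at / interval
  secure_equal?(hotp(secret, step), otp) ? step * interval : nil
end

# Strict boolean for callers written against the old true/false README.
def otp_valid?(result)
  !result.nil?
end

# Constructed sample data: the RFC 4226 test secret and its published codes.
SECRET = '12345678901234567890'
if __FILE__ == $PROGRAM_NAME
  ok  = verify_hotp(SECRET, '755224', 0) # valid code at counter 0
  bad = verify_hotp(SECRET, '000000', 0) # wrong code
  puts "valid:   #{ok.inspect}, == true: #{ok == true}, truthy: #{ok ? true : false}"
  puts "invalid: #{bad.inspect}, == false: #{bad == false}"
  puts "totp:    #{verify_totp(SECRET, '287082', at: 59).inspect}"
  puts "normalised: #{otp_valid?(ok)} / #{otp_valid?(bad)}"
end
```

Code that branches with `if result` keeps working, because only nil and false are falsy in Ruby; code that compares the result to `true` or `false`, or serialises it into a JSON boolean field, needs the normalising step.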