janko / rodauth-rails

Rails integration for Rodauth authentication framework
https://github.com/jeremyevans/rodauth
MIT License
585 stars 40 forks

Rodauth Rails upgrade issue with ROTP Authentication Token #308

Closed wdperson closed 1 month ago

wdperson commented 1 month ago

We are upgrading rodauth-rails from version 1.11.0 to 1.14.1. We are having an issue where it throws an error saying "Invalid Authentication Token." We have narrowed it down to this code: https://github.com/mdp/rotp/blob/main/lib/rotp/totp.rb#L46

This code is in the rotp gem which we are using with rodauth-rails.

It shows a match for the otp vs the generated_otp based on the timecode with version 1.11.0.

However, when we upgrade to version 1.14.1 of rodauth-rails all of them come back as false for a match and throw the "Invalid Authentication Token" error.

I know the issue is coming up from the ROTP gem, but I am curious as to why upgrading Rodauth-Rails would affect this in any way.
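The comparison described in the report above succeeds only when the verifier and the authenticator agree on secret, digits, interval, digest and (within a small window) clock. The following is an added example, not part of the thread and not rotp or Rodauth code: a stand-alone RFC 6238 check that separates clock drift from a secret or parameter mismatch. All method names and the one-hour search window are assumptions; the sample secret is the RFC 6238 test secret.

```ruby
require "openssl"

# RFC 4226 HOTP value for one counter (timecode), zero-padded to `digits`.
def hotp(secret, counter, digits: 6, digest: "sha1")
  mac = OpenSSL::HMAC.digest(digest, secret, [counter].pack("Q>"))
  offset = mac.bytes.last & 0x0f                       # dynamic truncation
  code = mac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, "0")
end

# Comparison without early exit, so timing does not reveal matching prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Offset (in time steps) at which `otp` matches around `at`, or nil.
def matching_step(secret, otp, at:, interval: 30, window: 1, **opts)
  now = at.to_i / interval
  (-window..window).find { |d| secure_equal?(otp, hotp(secret, now + d, **opts)) }
end

# Classify a verification attempt. A match outside the normal window but
# inside a wide diagnostic window (120 steps, an assumption) points at clock
# drift; no match at all points at a different secret, digits, interval or
# digest on one side. Diagnostic use only: never accept a code this way.
def diagnose(secret, otp, at:, **opts)
  return :ok if matching_step(secret, otp, at: at, window: 1, **opts)
  step = matching_step(secret, otp, at: at, window: 120, **opts)
  step ? [:clock_drift, step] : :secret_or_parameter_mismatch
end

if __FILE__ == $PROGRAM_NAME
  secret = "12345678901234567890"   # RFC 6238 test secret (raw bytes)
  issued = 1_111_111_109            # RFC 6238 test time
  code   = hotp(secret, issued / 30, digits: 8)
  p diagnose(secret, code, at: issued, digits: 8)
  p diagnose(secret, code, at: issued + 600, digits: 8)
  p diagnose("constructed-other-secret", code, at: issued, digits: 8)
end
```

A real deployment stores the secret Base32-encoded; decode it to raw bytes before passing it in.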

janko commented 1 month ago

Not sure why it happens on older rodauth-rails version. I tried downgrading rodauth-rails on the rodauth-demo-rails repo, but the system test for TOTP still passed without errors.

Any chance you could reproduce this in a fresh Rails app with minimal configuration changes and a failing test?

janko commented 1 month ago

@wdperson Any luck with the issue reproduction?

janko commented 1 month ago

Going to close this issue until necessary reproduction steps are given.