kind-work / two-fa

Two Factor Login for Statamic V3
https://statamic.com/marketplace/addons/2fa

Remember tokens getting removed on deploy #27

Closed sunscreem closed 2 years ago

sunscreem commented 2 years ago

When I deploy my sites I seem to have to re-enter the 2FA token again. I'm not sure where the tokens are stored so, being lazy, I thought I'd ask?

jcohlmeyer commented 2 years ago

They are stored in the cache right now. So anytime you clear the cache you will have to re-enter.

sunscreem commented 2 years ago

Ah thanks @jcohlmeyer. Could we maybe look to store them in something more permanent? I think it's fairly common practice to clear the cache on deploy (and I've a few sites that get deployed more than twice a week).

Happy to try and create a PR if that would help?

jcohlmeyer commented 2 years ago

Yes, I think this would be great.

sunscreem commented 2 years ago

Hey @jcohlmeyer. I've been attempting to create a PR for this and failed massively lol.

I found a nice way to store the tokens against a user in a more permanent storage by looking at how Statamic are doing the remember_token and last_login.

https://github.com/statamic/cms/blob/0654464712795beb18f83e36b91656ef1e1404f7/src/Auth/File/User.php#L299-L309

As you can see there they have some nice helper methods on a user.

My problem is working out how to combine that with setting the time on the remember token, something the cache driver handles already? If you've any ideas I'll have another go at creating a PR :)

jcohlmeyer commented 2 years ago

Thanks for trying this. I think we could use a date field like last_login such as 2fa_remember_token_created_at and compare that against the current date/time to see if the time has passed since the 2fa_remember_token was created.

jcohlmeyer commented 2 years ago

Thanks for getting this started, and showing me the setMeta and getMeta methods. I am going to work on this now.
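
The approach discussed above (a remember token kept on the user record with a `2fa_remember_token_created_at` value compared against the current time), sketched as an added example that is not part of the thread or the addon's code. `DemoUser`, the 30-day lifetime, and storing only a hash of the token are assumptions; the `setMeta`/`getMeta` names follow the thread, but their real Statamic signatures are not shown on this page.

```php
<?php
declare(strict_types=1);

// Stand-in for a user's persistent meta store (hypothetical class; the thread
// only names setMeta/getMeta, it does not show their real signatures).
final class DemoUser
{
    private array $meta = [];
    public function setMeta(string $key, mixed $value): void { $this->meta[$key] = $value; }
    public function getMeta(string $key, mixed $default = null): mixed { return $this->meta[$key] ?? $default; }
}

const REMEMBER_TTL_SECONDS = 30 * 24 * 3600; // assumed lifetime: 30 days

// Issue a token: the browser keeps the raw value, the user record keeps only
// its hash (an added hardening choice) plus the creation time.
function issueRememberToken(DemoUser $user, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $user->setMeta('2fa_remember_token', hash('sha256', $token));
    $user->setMeta('2fa_remember_token_created_at', $now);
    return $token;
}

// True only when the presented token matches and is still inside the TTL.
function rememberTokenIsValid(DemoUser $user, ?string $presented, int $now): bool
{
    $stored  = $user->getMeta('2fa_remember_token');
    $created = $user->getMeta('2fa_remember_token_created_at');
    if (!is_string($stored) || !is_int($created) || $presented === null || $presented === '') {
        return false; // nothing stored or nothing presented: ask for 2FA
    }
    if ($created > $now || $now - $created > REMEMBER_TTL_SECONDS) {
        // Expired, or created_at lies in the future: drop the stale token.
        $user->setMeta('2fa_remember_token', null);
        $user->setMeta('2fa_remember_token_created_at', null);
        return false;
    }
    return hash_equals($stored, hash('sha256', $presented)); // constant-time compare
}

$user  = new DemoUser();
$t0    = 1700000000; // constructed timestamp
$token = issueRememberToken($user, $t0);
var_dump(rememberTokenIsValid($user, $token, $t0 + 86400));                    // correct token, one day later
var_dump(rememberTokenIsValid($user, 'wrong', $t0 + 86400));                   // wrong token
var_dump(rememberTokenIsValid($user, $token, $t0 + REMEMBER_TTL_SECONDS + 1)); // correct token, past the TTL
```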

sunscreem commented 2 years ago

@jcohlmeyer Just put this onto a client site and it seems to be working a treat. 2 deploys, logged in and out a few times and no 2FA requests. Perfect!