search

kspearrin / Otp.NET

A .NET implementation of TOTP and HOTP for things like two-factor authentication codes.
https://www.nuget.org/packages/Otp.NET
MIT License
1.08k stars 164 forks source link

ValidateTotp Issue #53

Open x2affy opened 11 months ago

x2affy commented 11 months ago

Can some please help with this as i am stuck really.
If i create the QRcode and set it up with an authnticator the validate all works fine. However if i generate the secret and store this, then use it to create a TOTP and try to validate this, it always fails? I want to use email validation as well as an authenticator app. So i am generating an email with the totp created using the stored secret, but it fails validation.

Can some please help or point me in the right direction with this?

public class TotpManager : ITotpManager { private readonly string _qrCodeImagePrefix = "data:image/png;base64,"; private readonly string _totpAuthPrefix = "otpauth://totp/";

public string GenerateBase32Secret()
{
    var bytes = KeyGeneration.GenerateRandomKey(20);
    return Base32Encoding.ToString(bytes);
}

public string GenerateTotp(string base32Secret)
{
    var secretBytes = Base32Encoding.ToBytes(base32Secret);
    var totp = new Totp(secretBytes);
    return totp.ComputeTotp();
}
public string GenerateTotp(string base32Secret, int step)
{
    var secretBytes = Base32Encoding.ToBytes(base32Secret);
    var totp = new Totp(secretBytes, step);
    return totp.ComputeTotp();
}

public bool ValidateTotp(string base32Secret, string totp)
{
    var secretBytes = Base32Encoding.ToBytes(base32Secret);
    var totpValidator = new Totp(secretBytes);
    return totpValidator.VerifyTotp(totp, out _);
}

public string GenerateQrCodeUrl(string issuer, string accountName, string base32Secret)
{
    string totpUrl =
        $"{_totpAuthPrefix}{Uri.EscapeDataString(issuer)}:{Uri.EscapeDataString(accountName)}?secret={base32Secret}&issuer={Uri.EscapeDataString(issuer)}&algorithm=SHA1&digits=6&period=30";

    var qrGenerator = new QRCodeGenerator();
    var qrCodeData = qrGenerator.CreateQrCode(totpUrl, QRCodeGenerator.ECCLevel.Q);
    var qrCode = new QRCode(qrCodeData);

    using MemoryStream ms = new MemoryStream();
    using Bitmap qrCodeImage = qrCode.GetGraphic(20);
    qrCodeImage.Save(ms, ImageFormat.Png);
    byte[] qrCodeBytes = ms.ToArray();

    return $"{_qrCodeImagePrefix}{Convert.ToBase64String(qrCodeBytes)}";
}

}

ProneRainbow commented 5 months ago

If it helps anyone. When creating the new Totp for both Generate and Validate. Pass in the same params.

For example:

public bool ValidateTotp(string base32Secret, string totp, int step) { var secretBytes = Base32Encoding.ToBytes(base32Secret); var totpValidator = new Totp(secretBytes, step); return totpValidator.VerifyTotp(totp, out _); }