search

laravel / fortify

Backend controllers and scaffolding for Laravel authentication.
https://laravel.com/docs/fortify
MIT License
1.62k stars 294 forks source link

The provided two factor authentication code was invalid. #149

Closed akhzarjaved closed 3 years ago

akhzarjaved commented 3 years ago

Description:

I have used laravel fortify without jetstream. The 2FA is always returning false.

Recovery codes are working but the 6 digit code always return false

class TwoFactorAuthenticatedSessionController extends Controller
{

    ... 

    /**
     * Attempt to authenticate a new session using the two factor authentication code.
     *
     * @param  \Laravel\Fortify\Http\Requests\TwoFactorLoginRequest  $request
     * @return mixed
     */
    public function store(TwoFactorLoginRequest $request)
    {
        $user = $request->challengedUser();

        if ($code = $request->validRecoveryCode()) {
            $user->replaceRecoveryCode($code);
        } elseif (! $request->hasValidCode()) {  // This always return false
            return app(FailedTwoFactorLoginResponse::class);
        }

        $this->guard->login($user, $request->remember());

        return app(TwoFactorLoginResponse::class);
    }

}

$request->hasValidCode()

public function hasValidCode()
    {
        return $this->code && app(TwoFactorAuthenticationProvider::class)->verify(
            decrypt($this->challengedUser()->two_factor_secret), $this->code
        );
    }

I haven't changed the fortify backend. I have only converted the frontend to bootstrap (Without jetstream).

Steps To Reproduce:

There is no steps to be honest, I have activated the 2FA for a account and it provided the barcode with recovery codes. I logged out from the account & tried to login. The 6 digit code never worked. Only recovery code works. I am using Google Authenticator

akhzarjaved commented 3 years ago

I just tried with a fresh laravel installation with jetstream. It didn't work on fresh project as well. Am i missing something ?

driesvints commented 3 years ago

Works fine for me on a fresh jetstream install. Can you first please try one of the support channels below? If you can actually identify this as a bug, feel free to report back and I'll gladly help you out and re-open this issue.

Thanks!