Closed RahulDey12 closed 4 years ago
I just made a 2FA for testing purposes, but the code is still verifying after the time expired.
That is correct. If you check GoogleAuthenticator in the `checkCode` function on line 78, you'll see that it continues to work: since the user can delay entering the 6-digit code, the previous period is allowed.
```php
// current period
$result += hash_equals($this->getCode($secret, $this->now), $code);

// previous period, happens if the user was slow to enter or it just crossed over
$dateTime = new \DateTimeImmutable('@'.($this->now->getTimestamp() - $this->codePeriod));
$result += hash_equals($this->getCode($secret, $dateTime), $code);

// next period, happens if the user is not completely synced and possibly a few seconds ahead
$dateTime = new \DateTimeImmutable('@'.($this->now->getTimestamp() + $this->codePeriod));
$result += hash_equals($this->getCode($secret, $dateTime), $code);
```
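The acceptance window described in the reply above, as an added stand-alone example (not the library's code): a minimal RFC 6238 TOTP with a verifier that checks the previous, current and next period, run over a constructed timeline to show when one code stops being accepted. The function names, the `$window` parameter and the raw-byte secret are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// RFC 6238 TOTP with HMAC-SHA1. $secret is raw key bytes, not a base32 string.
function totp(string $secret, int $timestamp, int $period = 30, int $digits = 6): string
{
    $counter = intdiv($timestamp, $period);                          // time step number
    $hash = hash_hmac('sha1', pack('J', $counter), $secret, true);   // 8-byte big-endian counter
    $offset = ord($hash[19]) & 0x0F;                                 // dynamic truncation
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Hypothetical helper: returns the matching step offset (-1 = previous period,
// 0 = current, +1 = next) or null when no step inside the window matches.
function verifyTotp(string $secret, string $code, int $now, int $window = 1, int $period = 30): ?int
{
    $matched = null;
    for ($i = -$window; $i <= $window; $i++) {
        // Compare every step in constant time, with no early exit.
        if (hash_equals(totp($secret, $now + $i * $period, $period), $code)) {
            $matched = $i;
        }
    }
    return $matched;
}

$secret = '12345678901234567890';  // RFC 6238 test key, used here as constructed sample input
$code = totp($secret, 59);         // code displayed during the step covering t = 30..59

// Constructed timeline: t is the server clock when the same code is submitted.
foreach ([29, 59, 60, 89, 90] as $t) {
    $wide = verifyTotp($secret, $code, $t, 1);    // previous + current + next, as in the thread
    $strict = verifyTotp($secret, $code, $t, 0);  // current step only
    printf(
        "t=%3d  window=1: %-12s window=0: %s\n",
        $t,
        $wide === null ? 'rejected' : sprintf('ok (%+d)', $wide),
        $strict === null ? 'rejected' : 'ok'
    );
}
```

With a 30-second period and one step on either side, the same code is accepted for the whole of the following period and is only rejected once a second period boundary has passed.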