sonata-project / GoogleAuthenticator

[Abandoned] Library to integrate Google Authenticator into a PHP project
https://github.com/sonata-project/GoogleAuthenticator
MIT License
436 stars 120 forks

Authentication with 60 seconds period not possible #284

Closed tg24 closed 2 years ago

tg24 commented 3 years ago

Environment

Sonata packages

```
sonata-project/google-authenticator 2.3.1 2.3.1 Library to integrate Google ...
```

Symfony packages

```
no result
```

PHP version

7.4.15

Subject

If one creates a GoogleAuthenticator instance with a 60-second code period:

```php
$authenticator = new GoogleAuthenticator(6, 20, null, 60);
```

it's not possible to authenticate successfully while calling the checkCode() method.

I think the issue is caused by the ability to modify the `$codePeriod` but not the `$periodSize`. If one calculates codes with a codePeriod = 60 and a periodSize = 30 (the default), `checkCode()` and `getCode()` will calculate twice as many codes (as with a codePeriod of 30) for 30-second periods, which leads in all cases to non-matching codes. The wrong codes are caused by the variable `$timeForCode`, which wrongly calculates the number of 30-second periods since the UNIX epoch rather than the number of 60-second periods.

To solve the issue I was able to set the periodSize via Reflection. A better way would be to allow the periodSize as a formal argument to the constructor.
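The mismatch described in the report above, as an added example that is not part of the original issue and not the library's code: a minimal RFC 6238 TOTP in which the time step is one parameter shared by generator and verifier. The function names, the RFC 4226 test key and the timestamp are constructed for illustration.

```php
<?php
declare(strict_types=1);

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(string $key, int $counter, int $digits = 6): string
{
    $hash = hash_hmac('sha1', pack('J', $counter), $key, true);
    $offset = ord($hash[19]) & 0x0F;
    $bin = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;

    return str_pad((string) ($bin % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// RFC 6238 TOTP: the counter is the number of whole time steps since the UNIX epoch.
function totp(string $key, int $time, int $step, int $digits = 6): string
{
    return hotp($key, intdiv($time, $step), $digits);
}

// Verifier: accepts the code of the current step and of $window steps on either side.
// The same $step drives both the counter and the window offsets.
function verify(string $key, string $code, int $time, int $step, int $window = 1): bool
{
    $ok = false;
    for ($i = -$window; $i <= $window; ++$i) {
        // hash_equals() is constant-time; every candidate is checked, with no early exit.
        $ok = hash_equals(totp($key, $time + $i * $step, $step), $code) || $ok;
    }

    return $ok;
}

$key = '12345678901234567890'; // RFC 4226 test key (raw bytes, not Base32), not a real secret
$now = 120;                    // constructed timestamp

// Authenticator app provisioned with a 60-second period.
$appCode = totp($key, $now, 60);

// Mismatched verifier: it counts 30-second steps, so its counter is twice
// the app's and a +/-1 step window does not reach the app's counter.
var_dump(verify($key, $appCode, $now, 30));

// Consistent verifier: the same 60-second step on both sides.
var_dump(verify($key, $appCode, $now, 60));
```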

VincentLanglet commented 2 years ago

I'm closing this since the package is deprecated/abandoned.