Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ROTP and Rodauth #432

Closed
wdperson opened this issue Jul 16, 2024 · 4 comments
Closed

ROTP and Rodauth #432

wdperson opened this issue Jul 16, 2024 · 4 comments

Comments

@wdperson
Copy link

We are using the ROTP gem with Rodauth rails (however the issue may be coming from Rodauth...see below) and after upgrading to the latest version of Rodauth Rails, we are having an issue with verifying the one time password. The line here:
https://github.com/mdp/rotp/blob/main/lib/rotp/otp.rb#L53

ROTP is looking for two params. From Rodauth, it seems to only be passing one of the two params to ROTP:

otp.verify(ot_pass, :drift_behind=>drift, :drift_ahead=>drift)

I am not sure if it is an issue with ROTP or Rodauth or if I am not understanding how this is working. Any help would be appreciated. I also opened this issue on ROTP's repo.

@jeremyevans
Copy link
Owner

@wdperson
Copy link
Author

@jeremyevans thanks for the help. That helped narrow it down. However, in version 1.11.0 of rodauth-rails The code here:
https://github.com/mdp/rotp/blob/main/lib/rotp/totp.rb#L46

Shows a match for the otp vs the generated_otp based on the timecode.

However, when I upgrade to version 1.14.1 of rodauth-rails all of them come back as false for a match and throw a "Invalid Authentication Token" error.

I think I am straying off topic a bit for Rodauth here, if it is better I open an issue/reference this one in rodauth-rails I can do that.

@jeremyevans
Copy link
Owner

Best practice if you are using rodauth-rails is to always open a discussion in the rodauth-rails repository. If @janko determines the issue is actually in Rodauth, he'll raise the issue here.

@wdperson
Copy link
Author

@jeremyevans thanks, that's what I will do. Appreciate your help/guidance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants