Browse Source

fix rotp 4 breaking authenticate totp

master
Andrés Riveros 6 years ago
parent
commit
d462080c47
  1. 5
      lib/two_factor_authentication/models/two_factor_authenticatable.rb

5
lib/two_factor_authentication/models/two_factor_authenticatable.rb

@ -39,7 +39,10 @@ module Devise
drift = options[:drift] || self.class.allowed_otp_drift_seconds drift = options[:drift] || self.class.allowed_otp_drift_seconds
raise "authenticate_totp called with no otp_secret_key set" if totp_secret.nil? raise "authenticate_totp called with no otp_secret_key set" if totp_secret.nil?
totp = ROTP::TOTP.new(totp_secret, digits: digits) totp = ROTP::TOTP.new(totp_secret, digits: digits)
new_timestamp = totp.verify_with_drift_and_prior(without_spaces(code), drift, totp_timestamp) new_timestamp = totp.verify(
without_spaces(code),
drift_ahead: drift, drift_behind: drift, after: totp_timestamp
)
return false unless new_timestamp return false unless new_timestamp
self.totp_timestamp = new_timestamp self.totp_timestamp = new_timestamp
true true

Loading…
Cancel
Save