
Description
Version(s) affected
11.3.0
Description
The TOTP sign-in task in src/Command/Auth/Blocking/TotpSignInTask.php does not appear to work as expected with the Authenticator extension on the newest Chrome update.
<?php
namespace ChessServer\Command\Auth\Blocking;
use ChessServer\Command\AbstractDbBlockingTask;
use Firebase\JWT\JWT;
use OTPHP\InternalClock;
use OTPHP\TOTP;
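class TotpSignInTask extends AbstractDbBlockingTask
{
    /**
     * Verifies a TOTP code and, on success, issues a JWT for the given username.
     *
     * Reads $this->params['username'] and $this->params['password'] (the TOTP
     * code), $this->env['totp']['secret'] and $this->env['jwt']['iss'|'secret'].
     * Side effect: updates users.lastLoginAt for the user on success.
     *
     * @return array{access_token: string}|null null when the code does not verify
     *         or the username is not found
     */
    public function run()
    {
        // NOTE(review): the TOTP secret comes from env, not from the user row, so
        // the same code verifies for every username — confirm this is intended.
        $otp = TOTP::createFromSecret($this->env['totp']['secret'], new InternalClock());
        // 9-digit codes are outside the 6–8 digit range RFC 6238 describes; a
        // client that only produces 6-digit codes can never verify against this.
        // Check the client's supported digit length before changing it here.
        $otp->setDigits(9);

        // Window of 5 periods around "now" (default period in OTPHP is 30 s, so
        // this accepts codes from a several-minute span). Reject early so the
        // database is not touched for a bad code.
        if (!$otp->verify($this->params['password'], null, 5)) {
            return null;
        }

        // One binding reused for both statements; each query gets its own array
        // so the UPDATE does not receive a duplicated :username entry.
        $binding = [
            'param' => ':username',
            'value' => $this->params['username'],
            'type' => \PDO::PARAM_STR,
        ];

        $user = $this->db
            ->query('SELECT * FROM users WHERE username = :username', [$binding])
            ->fetch(\PDO::FETCH_ASSOC);
        // fetch() yields false for an unknown username; without this guard a token
        // with null 'username'/'elo' claims would be issued.
        if (!is_array($user)) {
            return null;
        }

        $this->db->query(
            'UPDATE users SET lastLoginAt = now() WHERE username = :username',
            [$binding]
        );

        // Single timestamp so iat and exp are computed from the same instant.
        $now = time();
        $payload = [
            'iss' => $this->env['jwt']['iss'],
            'iat' => $now,
            'exp' => $now + 3600, // one hour by default
            'username' => $user['username'],
            'elo' => $user['elo'],
        ];

        return [
            'access_token' => JWT::encode($payload, $this->env['jwt']['secret'], 'HS256'),
        ];
    }
}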
The chess server always returns null, as if the OTP could not be verified. However, the exact same flow works with FreeOTP.
How to reproduce
See Authenticator-Extension/Authenticator#1399
🙏 Any help will be much appreciated!
Possible Solution
No response
Additional Context
No response