
every time fails totp.verify()

Open saikatharryc opened this issue 8 years ago • 4 comments

[HELP WANTED] Hi, I want to generate a token that will last for a certain time, say for 7200 seconds, that is, two hours. What I want is for it to give me false when I verify a token two hours after generation; that is, it will be valid until two hours after generation.

Do I need to use verifyDelta? It's giving me false every time when I'm setting time.

and my code is below to generate the token:


    var secret = speakeasy.generateSecret();
    var token = speakeasy.totp({
        secret: secret.base32,
        encoding: 'base32',
        time: 7200
    });



and here is the verify:

    var verified = speakeasy.totp.verify({
        secret: secret_str,
        encoding: 'base32',
        token: req.body.unique_code,
        window: 240   // as window value 1 for each 30 seconds..
    });

saikatharryc avatar Feb 26 '17 05:02 saikatharryc

The time step needs to be provided to both totp() and totp.verify(). See https://github.com/speakeasyjs/speakeasy/blob/master/index.js#L286

On Feb 25, 2017, at 9:08 PM, Saikat Chakrabortty wrote:

Hi, I want to generate a token that will last for a certain time, say for 7200 second,

and my code is below to generate the token:

    var secret = speakeasy.generateSecret();
    var token = speakeasy.totp({
        secret: secret.base32,
        encoding: 'base32',
        window: 240 // as window value 1 for each 30 seconds..
    });

and here is the verify:

    var verified = speakeasy.totp.verify({
        secret: secret_str,
        encoding: 'base32',
        token: req.body.unique_code,
        //time: 200, // time specified in seconds
        window: 2,
        step : 60
    });


mikepb avatar Feb 26 '17 22:02 mikepb

Yeah, I have done the same as you said, but it's still failing... it says false.

saikatharryc avatar Feb 27 '17 07:02 saikatharryc

You have different values for window in the two functions. Please review the documentation carefully; let us know if we can make it clearer how to use the library.

On Feb 26, 2017, at 11:07 PM, Saikat Chakrabortty wrote:

Yeah, I have done the same as you said, but it's still failing... it says false.


mikepb avatar Feb 27 '17 07:02 mikepb

Even though it's kinda late, maybe it'll still be of use to you @saikatharryc. This is my test case to validate that the token is truly invalid at the very next step mark:

  const secret = "foo"
  const step = 75
  const timestamp = Math.floor(Date.now() / 1000)
  const response = await request
    .post(url)
    .send({ secret, step })
    .expect(201)

  expect(response.body).toHaveProperty("token")
  expect(response.body.token).toHaveLength(6)

  const encoding = "base32" // Default by the route but not by the verify function
  const time = timestamp + (step - (timestamp % step)) // Move timestamp to the very first mark of the next step
  const token = response.body.token

  expect(totp.verify({
    encoding,
    secret,
    step,
    token,
  })).toBe(true)

  expect(totp.verify({
    encoding,
    secret,
    step,
    time,
    token,
  })).toBe(false)

krenor avatar May 25 '18 11:05 krenor
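
The step behaviour discussed in this thread, as an added example that is not part of the original thread and is not speakeasy's own code: it implements RFC 6238 TOTP directly with Node's `crypto` module so it runs offline. The option names `step`, `time` and `window` mirror the ones used above; the key, the fixed clock value and the `demo` helper are constructed for illustration, and `window` is assumed to mean "steps accepted on either side of the current one".

```javascript
const crypto = require("crypto");

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", key).update(msg).digest();
  const off = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(off) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, "0");
}

// RFC 6238 TOTP: the counter is the number of whole steps since the Unix epoch.
function totp({ key, time, step = 30, digits = 6 }) {
  return hotp(key, Math.floor(time / step), digits);
}

// Accept a token from the current step or up to `window` steps on either side (assumed semantics).
function verify({ key, token, time, step = 30, window = 0, digits = 6 }) {
  const now = Math.floor(time / step);
  const given = Buffer.from(String(token));
  for (let c = Math.max(0, now - window); c <= now + window; c++) {
    const want = Buffer.from(hotp(key, c, digits));
    if (want.length === given.length && crypto.timingSafeEqual(want, given)) return true;
  }
  return false;
}

// Constructed sample values (not from the thread).
const key = Buffer.from("12345678901234567890"); // RFC 6238 test key
const issuedAt = 1700000000; // fixed clock so the run is repeatable
const STEP = 7200; // the two-hour step asked about in the issue

function demo() {
  const token = totp({ key, time: issuedAt, step: STEP });
  const stepEnd = issuedAt + (STEP - (issuedAt % STEP)); // first second of the next step
  return {
    rfcVector: totp({ key, time: 59, digits: 8 }), // RFC 6238 Appendix B, SHA-1 row
    sameStep: verify({ key, token, time: stepEnd - 1, step: STEP }),
    nextStep: verify({ key, token, time: stepEnd, step: STEP }),
    nextStepWindow1: verify({ key, token, time: stepEnd, step: STEP, window: 1 }),
    defaultStep: verify({ key, token, time: issuedAt }), // step omitted on the verify side
    secondsLeftAtIssue: stepEnd - issuedAt,
  };
}

console.log(demo());
```

A token issued 800 seconds into a 7200-second step is accepted for only 6400 more seconds with `window: 0`: the lifetime ends at the step boundary, not two hours after generation. Raising `window` extends acceptance by whole steps in both directions.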