Authenticator
Authenticator suddenly stopped working
Describe the issue
Figure 1. Visit the ChesslaBlab website and click on Sign In
Figure 2. Click on the Extensions icon and select Authenticator
Figure 3. Type the username and password and click on Sign In
It seems as if the TOTP sign in task in src/Command/Auth/Blocking/TotpSignInTask.php is not working as expected with the newest Chrome update.
```php
<?php

namespace ChessServer\Command\Auth\Blocking;

use ChessServer\Command\AbstractDbBlockingTask;
use Firebase\JWT\JWT;
use OTPHP\InternalClock;
use OTPHP\TOTP;

class TotpSignInTask extends AbstractDbBlockingTask
{
    public function run()
    {
        $otp = TOTP::createFromSecret($this->env['totp']['secret'], new InternalClock());
        $otp->setDigits(9);

        if ($otp->verify($this->params['password'], null, 5)) {
            $sql = "SELECT * FROM users WHERE username = :username";

            $values[] = [
                'param' => ":username",
                'value' => $this->params['username'],
                'type' => \PDO::PARAM_STR,
            ];

            $arr = $this->db->query($sql, $values)->fetch(\PDO::FETCH_ASSOC);

            $sql = "UPDATE users SET lastLoginAt = now() WHERE username = :username";

            $values[] = [
                'param' => ":username",
                'value' => $this->params['username'],
                'type' => \PDO::PARAM_STR,
            ];

            $this->db->query($sql, $values);

            $payload = [
                'iss' => $this->env['jwt']['iss'],
                'iat' => time(),
                'exp' => time() + 3600, // one hour by default
                'username' => $arr['username'],
                'elo' => $arr['elo'],
            ];

            return [
                'access_token' => JWT::encode($payload, $this->env['jwt']['secret'], 'HS256'),
            ];
        }

        return null;
    }
}
```
The chess server will always return null as if the OTP cannot be verified for some reason. However, this exact same use case is working like a charm with FreeOTP.
🙏 Any help will be much appreciated!
Browser
Chrome
Browser Version
134.0.6998.35 (Official Build) (64-bit)
Extension Version
8.0.1
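
For comparing the code a server expects with the one an authenticator displays, here is an added example (not part of the original report, the chess-server code or the OTPHP library) that computes RFC 6238 codes for a chosen digit count and checks them with a leeway in seconds. The function names, the simplified leeway check and the secret (the RFC 6238 SHA-1 test key) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32, timestamp, digits=6, period=30):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at a Unix timestamp."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", max(int(timestamp), 0) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def verify(secret_b32, code, timestamp, digits=6, period=30, leeway=0):
    """Simplified check: accept a match at timestamp or timestamp +/- leeway."""
    for t in (timestamp - leeway, timestamp, timestamp + leeway):
        expected = totp(secret_b32, t, digits, period)
        if hmac.compare_digest(expected, code):
            return True
    return False


# Constructed input: the RFC 6238 SHA-1 test key, base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def demo(timestamp=59):
    """Show that both sides must agree on the digit count, not only the secret."""
    six = totp(SECRET, timestamp, digits=6)
    nine = totp(SECRET, timestamp, digits=9)
    return {
        "six_digit_code": six,
        "nine_digit_code": nine,
        # Server configured for 9 digits, client showing 9 digits: accepted.
        "nine_vs_nine": verify(SECRET, nine, timestamp, digits=9, leeway=5),
        # Server configured for 9 digits, client showing 6 digits: rejected,
        # even though the secret and the clock are identical.
        "six_vs_nine": verify(SECRET, six, timestamp, digits=9, leeway=5),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it with the server's real secret and the current time gives the value to compare against what each authenticator app shows.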