google2fa-laravel

Verify user then what?

Open movepixels opened this issue 3 years ago • 2 comments

I have everything running fine, but I verify the user's code from the Authenticator App

```php
$secret = $request->input('one_time_password');
$valid = $google2fa->verifyKey($user->loginSecurity->google2fa_secret, $secret);

// do we need to set a verified_2fa key / value somewhere?
// does verifyKey store a true/false value somewhere?
```

But then what? Where is this value saved? How can we do a check if 2fa has been verified? The middleware fails at every point, so I would rather make my own, but still, how do we know where to pull if the user was verified?

Seems the documentation just ends with no clue of what to do next.

Any help / insight would be greatly appreciated.

movepixels avatar Feb 15 '22 01:02 movepixels

Hi @movepixels

You have to create a form containing a CSRF token like this:

```html
<form action="/2fa" method="POST">
    @csrf
    <input name="one_time_password" type="text">
    <button type="submit">Authenticate</button>
</form>
```

and create a new POST route as '/2fa' like this:

```php
Route::post('/2fa', function () {
    return redirect(URL()->previous());
})->name('2fa')->middleware('2fa');
```

Don't forget to set the input name in the config file.

That's it, now it will be redirected and log in the user.

Good luck :+1:

B14ckP4nd4 avatar May 25 '22 20:05 B14ckP4nd4

Sorry, I failed to mention Laravel serves as API access only; Nuxt is the front end, so any CSRF / Blade templating is of no use.

With a few days of tinkering and sampling from your code, I managed to lock the user to a 2fa page if enabled and needed to verify before going anywhere, or simply pass if not enabled.

Pretty much 2 middleware I needed: 1 for the backend to restrict API access and one Nuxt middleware to check also and decode.

movepixels avatar May 27 '22 14:05 movepixels
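
An added example for the API-only case discussed in this thread; it is not code from any participant or from google2fa-laravel. `verifyKey()` only returns a result, so the backend has to record the verified state itself and check it on every protected request. It assumes bearer-token API authentication and the Laravel cache as the store; `TwoFactorState`, `VerifyOtpController`, `RequireTwoFactor` and the 8-hour lifetime are hypothetical choices.

```php
<?php
// Added example (hypothetical class names); in a real project each class
// lives in its own file. Assumes bearer-token auth and the Laravel cache.
namespace App\Http;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use PragmaRX\Google2FA\Google2FA;

final class TwoFactorState
{
    // One flag per user and per login token, so a new login must pass 2FA again.
    public static function key(Request $request): string
    {
        return '2fa_verified:' . $request->user()->getAuthIdentifier()
            . ':' . hash('sha256', (string) $request->bearerToken());
    }
}

final class VerifyOtpController
{
    public function __invoke(Request $request, Google2FA $google2fa)
    {
        $otp = (string) $request->input('one_time_password');
        // verifyKey() stores nothing; it only reports whether the code matched.
        if (! $google2fa->verifyKey($request->user()->loginSecurity->google2fa_secret, $otp)) {
            return response()->json(['message' => 'Invalid one-time password'], 422);
        }
        // Persist the result server-side; the 8-hour lifetime is an assumed value.
        Cache::put(TwoFactorState::key($request), true, now()->addHours(8));
        return response()->json(['two_factor_verified' => true]);
    }
}

final class RequireTwoFactor
{
    public function handle(Request $request, Closure $next)
    {
        $secret = optional($request->user()->loginSecurity)->google2fa_secret;
        // Users without 2FA enabled pass; enrolled users need the stored flag.
        if ($secret && ! Cache::get(TwoFactorState::key($request))) {
            return response()->json(['message' => '2FA required'], 403);
        }
        return $next($request);
    }
}
```

Register `RequireTwoFactor` after the authentication middleware on protected API routes, and put Laravel's `throttle` middleware on the verification route so one-time passwords cannot be guessed by repeated requests.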