devise-two-factor

Shared examples `two_factor_authenticatable` fail when `otp_allowed_drift` is set to 5

Open jsice opened this issue 3 years ago • 0 comments

Some tests might fail if the `otp_allowed_drift` is too low:

```ruby
it 'does not validate an OTP above the allowed drift' do
  otp = ROTP::TOTP.new(otp_secret).at(Time.now + subject.class.otp_allowed_drift * 2)
  expect(subject.validate_and_consume_otp!(otp)).to be false
end

it 'does not validate an OTP below the allowed drift' do
  otp = ROTP::TOTP.new(otp_secret).at(Time.now - subject.class.otp_allowed_drift * 2)
  expect(subject.validate_and_consume_otp!(otp)).to be false
end
```

An OTP is valid for INTERVAL + `otp_allowed_drift` * 2 seconds, but these test cases didn't include the interval, so if `otp_allowed_drift` is less than the interval, the tests may possibly fail.

jsice, Aug 19 '21 11:08
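Added example, not part of the issue or of the devise-two-factor code base: a small model of the validity window described above. It assumes a 30-second interval and a verifier that accepts every timestep overlapping [now - drift, now + drift]; `totp`, `accepted_steps`, `accepted?` and `rejecting_offsets` are hypothetical helper names, and the secret and timestamp are constructed.

```ruby
require 'openssl'

INTERVAL = 30 # seconds per TOTP timestep (assumed; RFC 6238 default)

# RFC 6238 TOTP over HMAC-SHA1: the code depends only on the timestep,
# so two times inside the same timestep yield the same OTP.
def totp(secret, time, digits: 6)
  counter = [time.to_i / INTERVAL].pack('Q>')
  hmac = OpenSSL::HMAC.digest('SHA1', secret, counter).bytes
  offset = hmac.last & 0x0f
  bin = ((hmac[offset] & 0x7f) << 24) | (hmac[offset + 1] << 16) |
        (hmac[offset + 2] << 8) | hmac[offset + 3]
  (bin % 10**digits).to_s.rjust(digits, '0')
end

# Assumed verifier model: every timestep that overlaps
# [now - drift, now + drift] is accepted.
def accepted_steps(now, drift)
  ((now - drift) / INTERVAL)..((now + drift) / INTERVAL)
end

def accepted?(otp_time, now, drift)
  accepted_steps(now, drift).cover?(otp_time / INTERVAL)
end

# Counts the positions of `now` inside a timestep (0...INTERVAL) at which an
# OTP generated `shift` seconds away from `now` is rejected, which is what
# the shared examples expect on every run.
def rejecting_offsets(shift, drift)
  base = 1_629_370_800 # constructed timestamp, aligned to a timestep boundary
  (0...INTERVAL).count { |off| !accepted?(base + off + shift, base + off, drift) }
end

secret = 'constructed-test-secret' # constructed sample secret
now = 1_629_370_800
puts "same code at now and now + 10: #{totp(secret, now) == totp(secret, now + 10)}"
puts "drift 5, shift +drift*2:            #{rejecting_offsets(10, 5)}/#{INTERVAL} seconds reject"
puts "drift 5, shift -drift*2:            #{rejecting_offsets(-10, 5)}/#{INTERVAL} seconds reject"
puts "drift 5, shift +(INTERVAL+drift*2): #{rejecting_offsets(INTERVAL + 10, 5)}/#{INTERVAL} seconds reject"
puts "drift 30, shift +drift*2:           #{rejecting_offsets(60, 30)}/#{INTERVAL} seconds reject"
```

Under this model, a drift of 5 makes the spec's `drift * 2` shift land in a rejected timestep for only part of each interval, while a shift that also includes the interval is rejected at every position.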