Verify user then what? #165

movepixels opened this issue Feb 15, 2022 · 2 comments

@movepixels

I have everything running fine, but I verify the user's code from the Authenticator App

$secret = $request->input('one_time_password');
$valid = $google2fa->verifyKey($user->loginSecurity->google2fa_secret, $secret);

// do we need to set a verifed_2fa key / value somewhere?
// does verifyKey store a true false value somewhere?

But then what? Where is this value saved? How can we do a check if 2FA has been verified?
The middleware fails at every point, so I would rather make my own, but still, how do we know where to pull if the user was verified?

Seems the documentation just ends with no clue of what to do next.

Any help / insight would be greatly appreciated.

@B14ckP4nd4

I have everything running fine, but I verify the user's code from the Authenticator App

$secret = $request->input('one_time_password');
$valid = $google2fa->verifyKey($user->loginSecurity->google2fa_secret, $secret);

// do we need to set a verifed_2fa key / value somewhere?
// does verifyKey store a true false value somewhere?

But then what? Where is this value saved? How can we do a check if 2FA has been verified? The middleware fails at every point, so I would rather make my own, but still, how do we know where to pull if the user was verified?

Seems the documentation just ends with no clue of what to do next.

Any help / insight would be greatly appreciated.

Hi @movepixels

You have to create a form containing a CSRF token like this:

<form action="/2fa" method="POST">
    @csrf
    <input name="one_time_password" type="text">
    <button type="submit">Authenticate</button>
</form>

and create a new POST route as '/2fa' like this:

Route::post('/2fa', function () {
    return redirect(URL()->previous());
})->name('2fa')->middleware('2fa');

Don't forget to set the input name in the config file.

That's it. Now it will be redirected and log in the user.

Good luck 👍

@movepixels
Author

Sorry, I failed to mention Laravel serves as API access only; Nuxt is the front end, so any CSRF / Blade templating is of no use.

With a few days of tinkering and sampling from your code, I managed to lock the user to a 2FA page if enabled and needed to verify before going anywhere, or simply pass if not enabled.

Pretty much 2 middleware I needed: 1 for the backend to restrict API access and one Nuxt middleware to check also and decode.
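
One way to handle the "where is this value saved?" question in an API-only setup like the one in the last comment, as an added example that is not code from this thread or from the package: `verifyKey()` only returns the result of the check, so the application records it server-side per API token and its own middleware reads that record. `TwoFactorState`, its method names, the TTL and the fake verifier are hypothetical; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical server-side record: API token id => time its 2FA code was accepted.
// In an application this would live on the token row or in a cache, never in the client.
final class TwoFactorState
{
    /** @var array<string,int> */
    private array $verifiedAt = [];

    public function __construct(private int $ttl) {}

    // $verify stands in for $google2fa->verifyKey($secret, $otp) from the thread.
    public function confirm(string $tokenId, string $secret, string $otp, callable $verify, int $now): bool
    {
        if (!$verify($secret, $otp)) {
            unset($this->verifiedAt[$tokenId]); // fail closed on a wrong code
            return false;
        }
        $this->verifiedAt[$tokenId] = $now;     // this is the "verified" flag, stored by us
        return true;
    }

    // Decision the API middleware makes on every request.
    public function gate(string $tokenId, bool $twoFactorEnabled, int $now): string
    {
        if (!$twoFactorEnabled) {
            return 'allow';                     // 2FA not enabled for this user: pass
        }
        $at = $this->verifiedAt[$tokenId] ?? null;
        if ($at === null || $now - $at > $this->ttl) {
            return '2fa_required';              // front end sends the user to the 2FA page
        }
        return 'allow';
    }
}

// Constructed demo: a fake verifier that accepts only "123456".
$fakeVerify = fn(string $secret, string $otp): bool => hash_equals('123456', $otp);
$state = new TwoFactorState(3600);
$t0 = 1700000000;
echo $state->gate('tok-A', true, $t0), "\n";
echo $state->confirm('tok-A', 'CONSTRUCTEDSECRET', '123456', $fakeVerify, $t0) ? "confirmed\n" : "rejected\n";
echo $state->gate('tok-A', true, $t0 + 60), "\n";
echo $state->gate('tok-A', true, $t0 + 7200), "\n";
echo $state->gate('tok-B', false, $t0), "\n";
```

Keying the record to the token rather than to the user means a second login from another device still has to pass 2FA, and the expiry forces a fresh code after the chosen window.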
