antonioribeiro/google2fa-laravel

On some domains the QR code is generated but the 6-digit code from the authenticator application cannot be verified

ajaytilala opened this issue · 3 comments

I set up my Laravel 10 project with PHP version 8.3 and installed "pragmarx/google2fa-laravel": "^2.2", "bacon/bacon-qr-code": "^3.0".

I have two domains.
On the first domain it works fine, but on the second domain the QR code is generated and, when I scan it with the authenticator app and enter the 6-digit verification code, it is not verified: it shows an invalid-code error each and every time. I refreshed and reloaded the page many times, but it still does not work.

Below is my code:

Route:

Route::any('/mfa/setup', [CommonController::class, 'mfaSetup'])->name('mfa.setup');

Action: (CommonController.php)

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use PragmaRX\Google2FAQRCode\Google2FA;
use Carbon\Carbon;
use Session;

class CommonController extends Controller
{
    public function __construct() {

    }

    public function mfaSetup(Request $request)
    {
        $authUser = auth()->user();
        $google2fa = new Google2FA();

        if($request->isMethod('post')) {
            $request->validate([
                'mfa_secret' => 'required|string',
                'digit_code' => 'required|string',
            ]);

            $valid = $google2fa->verifyKey($request->mfa_secret, $request->digit_code);
            if ($valid) {
                $authUser = auth()->user();
                $authUser->mfa_secret = $request->mfa_secret;
                $authUser->is_mfa_enabled = 1;
                $authUser->save();

                Session::flash("success", "MFA is Enabled Successfully.");
                return redirect()->route('user.myProfile');
            }

            return redirect()->back()->with('error', 'Invalid MFA Verification code. Please try again.');
        }

        $mfaSecret = $google2fa->generateSecretKey();
        $mfaQRCodeUrl = $google2fa->getQRCodeInline('TT Electronics', $authUser->username, $mfaSecret);

        return view('auth.mfa_setup', ['mfaQRCodeUrl' => $mfaQRCodeUrl, 'mfaSecret' => $mfaSecret]);
    }
}

Blade View : (auth/mfa_setup.blade.php)

<form method="POST" action="{{ route('mfa.setup') }}">
    @csrf        
    <input type="hidden" name="mfa_secret" value="{{ old('mfa_secret', $mfaSecret) }}">
    <img src="{{ $mfaQRCodeUrl }}" style="height: auto;">
    <input type="text" class="form-control" placeholder="6 Digit Code" name="digit_code" required>
    <button type="submit" class="btn btn-primary">Verify Code</button>
</form>

mfn commented

"time is of essence"

Did you verify the clock on the domain / server where it's not working is correct?

I am facing the same issue.

In my dev env (Windows 11), OTP verification works fine. It works on my test server too (Ubuntu). But when I deployed it on my prod server (Ubuntu), the verifyKey function always returns FALSE.
Do you have a solution, please?

@

"time is of essence"

Did you verify the clock on the domain / server where it's not working is correct?

You saved me. Thanks a lot. I had been facing this for 1 month. My prod server was 2 minutes ahead. It works fine.
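
The clock-skew failure this thread resolves, as an added example that is not code from the issue or from the google2fa package: a self-contained RFC 6238 TOTP check showing how a server running 2 minutes ahead treats a code that is valid on the phone, plus a diagnostic that reports the step offset. The function names, the ±1-step acceptance window, the raw-byte secret and the fixed timestamps are assumptions made for the example.

```php
<?php
// Added example (not from the issue or the google2fa package): RFC 6238 TOTP
// with HMAC-SHA1, 6 digits, 30-second steps. All names here are hypothetical.

function totp(string $rawSecret, int $counter, int $digits = 6): string
{
    $msg  = pack('J', $counter);                        // 8-byte big-endian step counter
    $hash = hash_hmac('sha1', $msg, $rawSecret, true);  // 20 raw bytes
    $off  = ord($hash[19]) & 0x0f;                      // dynamic truncation offset
    $bin  = unpack('N', substr($hash, $off, 4))[1] & 0x7fffffff;
    return str_pad((string) ($bin % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Accept a code only if it matches a step within +/- $window of the server's clock.
function verifyCode(string $secret, string $code, int $serverTime, int $window = 1): bool
{
    return stepOffset($secret, $code, $serverTime, $window) !== null;
}

// Diagnostic: signed number of 30 s steps between the server's clock and the
// step the code was generated for, or null if nothing matches within $maxSteps.
function stepOffset(string $secret, string $code, int $serverTime, int $maxSteps): ?int
{
    $now = intdiv($serverTime, 30);
    for ($d = 0; $d <= $maxSteps; $d++) {
        foreach ($d === 0 ? [0] : [-$d, $d] as $i) {
            if (hash_equals(totp($secret, $now + $i), $code)) {
                return $i;
            }
        }
    }
    return null;
}

// Constructed sample data: raw-byte secret (a real secret is Base32-decoded first)
// and a fixed "true" time as seen by the phone.
$secret    = '12345678901234567890';
$phoneTime = 1700000000;
$code      = totp($secret, intdiv($phoneTime, 30));

foreach (['in sync' => 0, '2 minutes ahead' => 120] as $label => $skew) {
    $serverTime = $phoneTime + $skew;
    printf("server %s: accepted=%s, offset=%s steps\n", $label,
        var_export(verifyCode($secret, $code, $serverTime), true),
        var_export(stepOffset($secret, $code, $serverTime, 20), true));
}
```

A non-zero offset on a host that rejects codes the authenticator app shows as current points at that host's clock rather than at the application code.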