mdp/rotp

README.md is inaccurate for `totp.verify_with_drift_and_prior`

samueltangz opened this issue · 5 comments

verify_with_drift_and_prior returns nil (not false) when OTP is invalid.

Could you elaborate more on your case @samueltangz ?
I did a quick check of the source code. And the result should come from

`def time_constant_compare(a, b)`

which, as you can see, always returns a boolean result of a comparison with 0

Sorry for being unclear... when using totp.verify_with_drift_and_prior, the doc said that it would return the timestamp when the token is valid, and false otherwise:
https://github.com/mdp/rotp#preventing-reuse-of-time-based-otps

However, from the line of code below, it returns nil instead of false.
https://github.com/mdp/rotp/blob/master/lib/rotp/totp.rb#L72

@samueltangz I think I know what you mean now. Just submitted a PR for that ^

Seems legit. Many thanks!

mdp commented

Updated the v3.x docs to reflect this error. It's been out in the wild for a while now and rather than fix it in v3.x, I'm going to let it stand in an abundance of caution to not break anyone's implementation, as the latest version (4.x) doesn't have this issue.
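Why the `nil`-versus-`false` difference discussed in this thread matters to calling code, as an added example that is not part of the thread and not rotp's code. `StandInTOTP`, its argument order, the secret and the timestamp are assumptions constructed for illustration; it mimics only the behaviour described above (timestamp on success, `nil` on failure).

```ruby
require 'openssl'

# Hypothetical stand-in for the 3.x behaviour described in the thread:
# returns the matched timestamp on success and nil (not false) on failure.
class StandInTOTP
  INTERVAL = 30

  def initialize(secret)
    @secret = secret
  end

  # RFC 6238 style 6-digit code (HMAC-SHA1) for the step containing `time`.
  def at(time)
    hmac = OpenSSL::HMAC.digest('SHA1', @secret, [time.to_i / INTERVAL].pack('Q>'))
    offset = hmac[-1].ord & 0x0f
    code = hmac[offset, 4].unpack1('N') & 0x7fffffff
    format('%06d', code % 1_000_000)
  end

  def verify_with_drift_and_prior(otp, drift, prior, time)
    first = (time.to_i - drift) / INTERVAL
    last = (time.to_i + drift) / INTERVAL
    (first..last).each do |step|
      ts = step * INTERVAL
      next if prior && ts <= prior.to_i # already-used step: refuse reuse
      return ts if secure_equal?(at(ts), otp.to_s)
    end
    nil
  end

  private

  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Fragile caller: rejects only a literal false, so a nil result is accepted.
def fragile_login?(totp, otp, prior, now)
  totp.verify_with_drift_and_prior(otp, 30, prior, now) != false
end

# Robust caller: any falsy result (nil or false) is a rejection. Returns the
# timestamp to store as the next `prior`, or nil when the OTP is refused.
def robust_login(totp, otp, prior, now)
  ts = totp.verify_with_drift_and_prior(otp, 30, prior, now)
  ts || nil
end
```

Relying on truthiness rather than comparing against `false` keeps the caller correct under both the documented and the actual return value.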