Comments (4)
How can I get the secret for use outside the Laravel application?
If you are wondering about the Shared Secret, you can easily get it from the user model relation itself. Pair that with a controller on a route and you can retrieve it.
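use App\Models\User;
use Illuminate\Support\Facades\Route;

// Returns the decrypted TOTP secret; restrict access to this route accordingly.
Route::get('user/{user:id}/shared_secret', function (User $user) {
    return $user->twoFactorAuth->shared_secret;
});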
When passing in shared_secret to verify the 2FA code they gave, it always returns false.
The Shared Secret is only given to the user once, at setup. After that, they need to confirm by generating a 2FA code on their device, which is returned to the app and checked against the code generated by the same server. If they're equal, it's true.
Route::get('user/{user:id}/confirm_2fa', function (User $user) {
    return $user->confirmTwoFactorAuth(request('2fa_code')); // true|false
});
The most common causes of failure are a wrong server time and/or device time.
So how can I derive the secret from the shared_secret?
The shared_secret is encrypted in the database. Save yourself some lines and use the model itself from the first example to transmit it. It decrypts to an uppercase Base32 string.
Route::get('user/{user:id}/shared_secret', function (User $user) {
    return $user->twoFactorAuth->shared_secret;
});
from twofactor.
I understand how to get it in Laravel, but I'm using it outside of Laravel. I looked at the internals but couldn't figure out how to get it from the database.
You can just query the database and decrypt the shared secret. You should receive an uppercase Base32 string.
If you don't have the ID of the row, you will need to query both model class name and model id:
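use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\DB;

// value() returns the column itself; first() would return a row object.
$secret = DB::table('two_factor_authentications')
    ->where([
        'authenticatable_type' => 'App\Models\User', // class name uses backslashes
        'authenticatable_id' => 4,
    ])
    ->value('shared_secret');

// Use Crypt::decryptString() if the value was stored unserialized (e.g. by the `encrypted` cast).
return Crypt::decrypt($secret);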
Thanks, solved it. Now to understand why the session isn't being flashed, which seems related to #21.
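For checking codes outside Laravel once the secret has been decrypted, here is a Python sketch added as an example; it is not part of the thread or of the package's code. It assumes RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits), and `totp`, `matching_step` and `SAMPLE_SECRET` are illustrative names; the returned step offset shows whether a rejected code comes from the clock skew mentioned above.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default; assumed to match the app)
DIGITS = 6   # code length (assumed)

def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the decrypted Base32 shared secret."""
    clean = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(clean + "=" * (-len(clean) % 8))
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    number = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** DIGITS).zfill(DIGITS)

def matching_step(secret_b32, code, unix_time, window=1):
    """Return the step offset (-window..window) at which `code` is valid, or None.

    A non-zero offset means the code is right but one of the clocks is off.
    """
    for drift in sorted(range(-window, window + 1), key=abs):
        candidate = totp(secret_b32, unix_time + drift * STEP)
        if hmac.compare_digest(candidate, code):  # constant-time comparison
            return drift
    return None

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    device_code = totp(SAMPLE_SECRET, 59)  # code shown on the device
    print(device_code, matching_step(SAMPLE_SECRET, device_code, 59))
    # Same code checked by a server whose clock runs 30 s ahead:
    print(matching_step(SAMPLE_SECRET, device_code, 89, window=0))
    print(matching_step(SAMPLE_SECRET, device_code, 89, window=1))
```

Keep `window` small: every extra step accepted lengthens the time a captured code stays valid.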