Hello, sinse i update to laravel 5.5 im getting this error with this packeg ;

Class 'Base32\Base32' not found

Symfony\Component\Debug\Exception\FatalThrowableError
…/vendor/thecodework/two-factor-authentication/src/Http/Controllers/TwoFactorAuthenticationController.php152

private function base32EncodedString($length = 30):
    string
    {
        return Base32::encode($this->strRandom($length));
    }

Hi. First, thanks for this package. Is there any way of checking if a specific user has 2fa enabled? Depending, if it's enabled or not, the user will be able to access areas of the admin panel that are more sensitive, thus requiring additional security layers.
Thank you.

would be more handy if there is an option to specify digest algorithm.

Currently we're using is_2fa_enabled and secret_key column to make 2FA work. Instead of using too common name we can use some unique non-collidable names.

I imagine this feature is not yet here.
but I ask you if in someway when we are at 'enter otp' page we can send an sms to the mobile phone of the user instead of let user use the authenticator app.

Some very old user are still not able to perform a 'read qr' -> user app flow

Hello! (again xD)

I would like to discuss something.

Sometimes, you use 2FA in classes, methods and sometimes it's TwoFactorAuthentication. I suggest we choose one or the other to remove these (little) inconsistencies.

I prefer 2FA as it keeps classes name shorter.

There are chances that some application has another name for the user model or have multi auth

Add support so that user can extend this library for generating qr code and verifying token using api end point.

$ php artisan vendor:publish --provider="Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider --tag=views"

instead of

$ php artisan vendor:publish --provider="Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider"

Hello! (again, again)

I would like to discuss adding custom properties in the config to allow custom columns names.

We just need an extra class.

What do you think about that?

I can submit a PR.

It would be nice to have token verification attempt limit.

Write test case for the package

When the secret is generated for barcode image, don't change it on each refresh unless user requests to change the secret key so the barcode image. this will help user if they accidentally delete application account from Google Authenticator or so and they'd be able to retrieve it easily.

Hello,
i just install your package and got this error:

FatalErrorException in TwoFactorAuthenticationServiceProvider.php line 43:
syntax error, unexpected ':', expecting ';' or '{'

can you please help me with this?
thanks!

This is actually a bug not a feature request.

In views there is things like {{ url('/enable-2fa'). I think it should be instead {{ route('enable-2fa') or something and add this in the routes.php.

I can submit a PR.

Hello, I have found an issue with Google Authenticator (iOS), with Android it works well:

The base32EncodedString Function in TwoFactorAuthenticationController.php should be min. length of 10 and not be dependent on the config('2fa-config.number_of_digits') value. Otherwise the base32 Function will pad with "=" at the end of the string. It turns out, that Google Authenticator (iOS) doesn't accept "=" chars in Barcode URL.

Source: https://stackoverflow.com/questions/29173288/google-authenticator-on-apple-devices-certain-secrets-are-not-valid

Hello!

To make this library better, i suggest that instead of naming config config, views : views, ... We name them 2fa-config, 2fa-views... Because when publishing one of them their name are just views,... which is not really useful

What do you think ?

Hi,
Minor complaint.

\Thecodework\TwoFactorAuthentication\Http\Controllers\TwoFactorAuthenticationController

I have renamed my Laravel project's namespace, and so the Controller class TwoFactorAuthenticationController extends is no longer found in the \App\Http\Controllers namespace.

So either I have to rename my project namespace back to "App" or I have to make a copy of the TwoFactorAuthenticationController in my project's controller directory with my namespace.

Just something people need to be aware of if they are using their own namespace.

By default the library uses google QR code generation service.

Hello again.
i have installed the package and everything works great!
but it seems that i cant make a login, every time i got the same message.
"Token is not valid"
Do i need to sync my server time to some time zone?
why this could happen?

I use the library in laravel and found that in the authenticator app I was missing my email address. I made an overwrite for the TwoFactorAuthenticationController as follows:

    public function setupTwoFactorAuthentication(Request $request)
    {
        $user = $this->getUser();
        $totp = TOTP::create(
            $this->base32EncodedString(),
            config('2fa-config.period'),
            config('2fa-config.digest_algorithm'),
            config('2fa-config.number_of_digits')
        );

//here is my change
        $totp->setLabel($user->email);
        $totp->setIssuer(config('2fa-config.account_name'));
//end of change

        $this->updateUserWithProvisionedUri($totp->getProvisioningUri());
        $barcode = $totp->getQrCodeUri();
        if ($request->ajax()) {
            return $barcode;
        }

        return view('2fa::setup', compact('barcode', 'user'));
    }

That way it is easier to see for which email address it is used for

This package works very well for intercepting the auth request after login and has great setup instructions.

However, two issues for a fresh install using the instructions provided on this repo:

(1) I keep getting "QR code is invalid" (or similar) on both Google Auth and Authy. In case this additional info helps, the secret key generated in the user's table upon a fresh install seems to be adding an arbitrary number of equals signs at the end: "MFWGK6CAOVZXA4TPORSWG2BOMNXW2===".

(2) A RequiredFields error is thrown for migrations: [2017-04-01 17:14:40] local.ERROR: Symfony\Component\Debug\Exception\FatalThrowableError: Class 'RequiredFields' not found in /Users/[...redacted...]

see https://scrutinizer-ci.com/g/thecodework/two-factor-authentication/issues/master/files/src/Http/Controllers/TwoFactorAuthenticationController.php?selectedSeverities%5B0%5D=10&orderField=path&order=asc&honorSelectedPaths=0#inspectioncomment-69678342

Actually, installing via composer, we get your package at ^0.8.2.

So we cannot use it in laravel 9/ php 8.x projects.

structurize the folder and files.

Hey, currently there is an issue in the new version 0.1.7

the new field "two_factor_provisioned_uri" is in the Migration but the Controller TwoFactorAuthenticationController is still accessing the field "two_factor_secret_key" (line 103).

Greetings

Hello!
Would love to have that.
I think we could do something in the config like

return [
// ...
  'qrcode_generator' => \App\2fa\MyCustomQrCodeGenerator::class
// ...
];

MyCustom could extends of a QrCodeGeneratorInterface that could be called here

I can, and if you agree with that proposition, will submit a PR.