Timeout after 20 seconds no matter the window in verifyToken #18

Open
SomeMoosery opened this issue May 6, 2021 · 2 comments

SomeMoosery commented May 6, 2021

Thanks for providing such a great tool!

I just have one quick question / problem with my implementation: I can't seem to increase the timeout window longer than ~20 seconds, regardless of how large I set the window parameter.

My code is as follows:

  getSecret(): string {
    try {
      const newSecret: Secret = twofactor.generateSecret();
      return newSecret.secret;
    } catch (e) {
      throw new Error(e);
    }
  }

  getToken(secret: string): string {
    try {
      const newToken: Token = twofactor.generateToken(secret);
      return newToken.token;
    } catch (e) {
      throw new Error(e);
    }
  }

  verify2fa(userRequest: any, token: string): boolean {
    try {
      const verified: Delta = twofactor.verifyToken(userRequest.secret, token, 10000);
      return verified !== null && verified.delta === 0;
    } catch (e) {
      throw new Error(e);
    }
  }

Even with the window set to 10,000 as you see here, I get a delta of -1 after ~20 seconds. While I'm sending / verifying tokens asynchronously, I've checked to make sure that the sent secret/token match the verifying secret/token. Am I missing something?

Thanks!

@joelrwilliams12

The token succeeds on the verifyToken call if the response is not null. That's the only pass/fail to check. By checking that delta == 0, you're forcing a 30s window. The delta value is just extra information.

Remove the check on 'delta === 0' and then your window will work as you change it. Once the time window is exceeded, verifyToken will return null.

maxhudson commented Mar 18, 2022

If you accidentally pass a string as the window arg, you'll get a timeout FYI (i.e. '60' bad, 60 good)
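
The behaviour discussed in the two replies above, as an added example that is not part of the thread and not the project's own code: a stand-alone TOTP check (RFC 6238, HMAC-SHA1, 6 digits) whose `verifyToken` returns `{ delta }` or `null`. The 30-second step, the window counted in steps, the raw-Buffer key and the `nowMs` parameter are assumptions of this sketch; the sample key and timestamps are constructed.

```javascript
const crypto = require('crypto');

const STEP_SECONDS = 30; // assumption: 30-second time step, as mentioned in the reply

// HOTP value (RFC 4226) for a raw key Buffer and an integer counter.
function hotp(key, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 1e6;
  return String(code).padStart(6, '0');
}

// TOTP value for the time step that contains nowMs.
function totp(key, nowMs) {
  return hotp(key, Math.floor(nowMs / 1000 / STEP_SECONDS));
}

// Returns { delta } when the token matches a step within +/- window steps
// of the current one, otherwise null. delta < 0 means an older token.
function verifyToken(key, token, window, nowMs) {
  // Reject '60' and other non-integers up front instead of letting a
  // string leak into the counter arithmetic.
  if (!Number.isInteger(window) || window < 0) {
    throw new TypeError('window must be a non-negative integer, got ' + typeof window);
  }
  const current = Math.floor(nowMs / 1000 / STEP_SECONDS);
  const given = Buffer.from(String(token));
  for (let delta = -window; delta <= window; delta++) {
    if (current + delta < 0) continue; // no negative counters
    const expected = Buffer.from(hotp(key, current + delta));
    if (given.length === expected.length && crypto.timingSafeEqual(given, expected)) {
      return { delta };
    }
  }
  return null;
}

// The check from the original post: passes only inside the current step.
const strictCheck = (result) => result !== null && result.delta === 0;
// The check recommended in the reply: any non-null result passes.
const windowCheck = (result) => result !== null;

// Constructed sample: RFC 6238 test key, token issued at t = 59 s.
const KEY = Buffer.from('12345678901234567890');
const issuedAt = 59000;
const token = totp(KEY, issuedAt);
```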
