aidan- / simpletotp Goto Github PK

G'day @aidan-,
I have been using your SimpleTOTP module with a SimpleSAMLPHP v1.x installation, and am now trying to upgrade to v2.x
I realise that you may not be actively working in this space any more, but was wondering if your PHP insights may be able to assist.

I am hitting this error:

SimpleSAML\Error\UnserializableException: Could not resolve 'simpletotp:2fa': The class 'SimpleSAML\Module\simpletotp\Auth\Process\2fa' isn't a subclass of '\SimpleSAML\Auth\ProcessingFilter'.

I have modified the class definition from:

class sspmod_simpletotp_Auth_Process_2fa extends SimpleSAML_Auth_ProcessingFilter

to

use SimpleSAML\Auth;
...
class sspmod_simpletotp_Auth_Process_2fa extends Auth\ProcessingFilter

So, from what I understand, through the extends keyword, the class "sspmod_simpletotp_Auth_Process_2fa" class is a sub class of SimpleSAML\Auth\ProcessingFilter.

Do you have any pointers?

Using SimpleSAML from apt-get install under Ubuntu 16.04. Followed install instructions.

Get the following error upon trying an auth:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 /usr/share/simplesamlphp/www/module.php:170 (N/A)
Caused by: Exception: Could not resolve 'simpletotp:2fa': No class named 'sspmod_simpletotp_Auth_Process_2fa'.

Do I have to manually enable the module? Right now it's in: /usr/share/simplesamlphp/modules/SimpleTOTP and "default-enable" is present.

thanks!

In public/authenticate.php line 22: throw new SimpleSAML_Error_BadRequest(
should be changed to throw new SimpleSAML\Error\BadRequest(.

Hey,

Can you please provide an install guide with the steps?
I tried it my self but i get a : SimpleSAML\Error\CriticalConfigurationError: The configuration is invalid: The configuration (config/config.php) is invalid: Missing configuration file

Backtrace:
0 www/_include.php:70 (N/A)

After login no totp request and ga_secret is not removed

After each deployment, when the user enters TOTP, it becomes invalid, requiring them to set up TOTP again as the previous configuration no longer works.

for upcoming 1.70 release a twig template is needed

The user is able to bypass the TOTP page just by refreshing the page.

Issue:
The variable 'lastverified' is intended to track the time when the user last successfully verified the TOTP code. However, in the current code, 'lastverified' is set as soon as the user lands on the authentication page, which appears to be incorrect. 'lastverified' should only be set when the TOTP is successfully matched and verified. As a workaround, I have moved the code to set 'lastverified' within the authenticate.php file, under the section where the TOTP code is matched.

 if ($code === $_REQUEST['code']) {
    $now = time();
    **$session->setData(
        '\SimpleSAML\Module\simpletotp',
        'lastverified',
        $now,
        Session::DATA_TIMEOUT_SESSION_END
    );**
    ProcessingChain::resumeProcessing($state);
  } else {
      $displayed_error = "You have entered the incorrect TOTP token.";
  }

This needs to be fixed asap.