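I am using https://github.com/antonioribeiro/google2fa-laravel for MFA in a Laravel 5 application. The OTP only works the first time. If I log out and try to log in again, it accepts the OTP even when it is incorrect, unless I close the browser and then try to log in again.
After closing the browser, it works correctly when I try to log in. I have also tried clearing the cache, etc. The middleware code is: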
```
namespace PragmaRX\Google2FALaravel;

use Closure;
use PragmaRX\Google2FALaravel\Support\Authenticator;

class Middleware
{
    public function handle($request, Closure $next)
    {
        $authenticator = app(Authenticator::class)->boot($request);

        if ($authenticator->isAuthenticated()) {
            return $next($request);
        }

        return $authenticator->makeRequestOneTimePasswordResponse();
    }
}
```

`$authenticator->isAuthenticated()` returns true even if I enter a wrong OTP. It seems like something needs to be updated in the config file.

```
return [
    /*
     * Enable / disable Google2FA
     */
    'enabled' => true,

    /*
     * Lifetime in minutes.
     * In case you need your users to be asked for a new one time passwords from time to time.
     */
    'lifetime' => 0, // 0 = eternal

    /*
     * Renew lifetime at every new request.
     */
    'keep_alive' => true,

    /*
     * Auth container binding
     */
    'auth' => 'auth',

    /*
     * 2FA verified session var
     */
    'session_var' => 'google2fa',

    /*
     * One Time Password request input name
     */
    'otp_input' => 'one_time_password',

    /*
     * One Time Password Window
     */
    'window' => 1,

    /*
     * Forbid user to reuse One Time Passwords.
     */
    'forbid_old_passwords' => false,

    /*
     * User's table column for google2fa secret
     */
    'otp_secret_column' => 'google2fa_secret',

    /*
     * One Time Password View
     */
    'view' => 'google2fa.index',

    /*
     * One Time Password error message
     */
    'error_messages' => [
        'wrong_otp' => "The 'One Time Password' typed was wrong.",
    ],

    /*
     * Throw exceptions or just fire events?
     */
    'throw_exceptions' => true,
];
```
Do I need to change anything in the config file? Thanks!
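
The config comments above describe a "2FA verified" entry kept in the session (`session_var`) that is governed by `lifetime` and `keep_alive`. The PHP below is an added example, not code from the post or from the google2fa-laravel package: it models those three settings, assuming the entry is stored as `auth_passed`/`auth_time` under `session_var`, and shows when such an entry survives a logout within the same browser session.

```php
<?php
// Model of the posted settings (assumption: not the package's own code).
$config = ['session_var' => 'google2fa', 'lifetime' => 0, 'keep_alive' => true];

// Called after a correct OTP: remember the verification in the session.
function markVerified(array &$session, array $config, int $now): void
{
    // Key names 'auth_passed' and 'auth_time' are assumptions for this model.
    $session[$config['session_var']] = ['auth_passed' => true, 'auth_time' => $now];
}

// True when the OTP prompt would be skipped for this request.
function stillVerified(array &$session, array $config, int $now): bool
{
    $state = $session[$config['session_var']] ?? null;
    if ($state === null || empty($state['auth_passed'])) {
        return false;
    }
    $lifetimeSeconds = $config['lifetime'] * 60;      // 0 means "never expires"
    if ($lifetimeSeconds > 0 && $now - $state['auth_time'] > $lifetimeSeconds) {
        unset($session[$config['session_var']]);      // expired: ask for an OTP again
        return false;
    }
    if ($config['keep_alive']) {
        $session[$config['session_var']]['auth_time'] = $now; // renew on every request
    }
    return true;
}

// Constructed scenario: one browser session, timestamps in seconds.
$session = ['user_id' => 7];
markVerified($session, $config, 1000);

// Case 1: logout only forgets the user; the 2FA entry stays in the session.
unset($session['user_id']);
$session['user_id'] = 7;                              // second login, same session
echo 'flag kept on logout:    ';
var_dump(stillVerified($session, $config, 90000));

// Case 2: logout also removes the 2FA entry (or destroys the whole session).
unset($session['user_id'], $session[$config['session_var']]);
$session['user_id'] = 7;
echo 'flag cleared on logout: ';
var_dump(stillVerified($session, $config, 90100));
```

With `lifetime` at 0 the entry in this model never expires on its own, so whether a second login in the same browser session is asked for an OTP depends on what the logout path removes from the session.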