google-authenticator | PHP Google Authenticator

 by   winglian PHP Version: Current License: No License

kandi X-RAY | google-authenticator Summary

kandi X-RAY | google-authenticator Summary

google-authenticator is a PHP library. google-authenticator has no bugs, it has no vulnerabilities and it has low support. You can download it from GitHub.

PHP Google Authenticator
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              google-authenticator has a low active ecosystem.
              It has 1 star(s) with 0 fork(s). There are 3 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              google-authenticator has no issues reported. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of google-authenticator is current.

            kandi-Quality Quality

              google-authenticator has 0 bugs and 0 code smells.

            kandi-Security Security

              google-authenticator has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              google-authenticator code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              google-authenticator does not have a standard license declared.
              Check the repository for any license declaration and review the terms closely.
              OutlinedDot
              Without a license, all rights are reserved, and you cannot use the library in your applications.

            kandi-Reuse Reuse

              google-authenticator releases are not available. You will need to build from source code and install.
              It has 159 lines of code, 23 functions and 1 files.
              It has high code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of google-authenticator
            Get all kandi verified functions for this library.

            google-authenticator Key Features

            No Key Features are available at this moment for google-authenticator.

            google-authenticator Examples and Code Snippets

            No Code Snippets are available at this moment for google-authenticator.

            Community Discussions

            QUESTION

            How to Handle 26-Byte Secret for Time-based One Time Password?
            Asked 2022-Apr-02 at 04:15

            Secret of Time-based One Time Password are usually 16-byte base32 encoded string. e.g. GitHub 2FA.

            But for some scenario, it has 26 bytes long. e.g. Tutanota OTP. Often in lower case with whitespaces, like: vev2 qjea un45 3sr4 q4h3 ais4 ci

            I tried with the TOTP algorithm implemented in dgryski/dgoogauth and tilaklodha/google-authenticator. Both can handle 16-byte secret well, but got error for 26-byte secret.

            e.g. for 16-byte secret VEV2QJEAUN453SR4:

            ...

            ANSWER

            Answered 2022-Apr-02 at 04:15

            A base32 encodes every 5 bits of input bytes into base32 character, go base32 use The RFC 4648 Base 32 alphabet (A-Z, 2-7). When decode a string to bytes, each base32 character input will be mapped to a 5 bit index then recompose to bytes.

            In your example "VEV2QJEAUN453SR4Q4H3AIS4CI", the previous "VEV2QJEAUN453SR4" was already valid input, it is a 16 char input, and 5 bit * 16 is 80 bit so it can be resolved into 10 bytes output. Now let us just look at the rest "Q4H3AIS4CI", 10 char -> 5 * 10 = 50 bits, the previous 40 bits can be decode to 5 bytes, but the last 2 char "CI" leads 2 bit remainder

            Source https://stackoverflow.com/questions/70389299

            QUESTION

            2FA is not working with Ubuntu AWS instance
            Asked 2022-Mar-31 at 11:03

            I worked on setting up 2FA while doing ssh in EC2 instance. But after the setup instance is still not asking for 2FA code and directly logs my user i.e. ubuntu into the server.

            I did following steps to setup 2FA:

            1. Install Google Authenticator PAM module.

              sudo apt install libpam-google-authenticator

            2. Add auth required pam_google_authenticator.so to /etc/pam.d/sshd

            3. Restart ssh sudo systemctl restart sshd.service

            4. Update sshd_config with following:

              ChallengeResponseAuthentication yes PasswordAuthentication no

            5. Run command google-authenticator

            Please help me resolve this issue. Thanks in advance.

            ...

            ANSWER

            Answered 2022-Mar-31 at 11:03

            I was facing this issue because of other configuration was enabled. PubKeyAuthentication was used instead of authenticator. I change it to PubKeyAuthentication no which resolved the issue.

            Source https://stackoverflow.com/questions/71657716

            QUESTION

            using TOTP Microsoft authenticator for ASP.NET MVC
            Asked 2021-Feb-10 at 18:50

            We already have a single authentication process using Active Directory for our home made web sites (simple login and password). Our AD is also on Azure (everything is synchronized).

            Now we want 2 factors authentification using this: (Microsoft Authenticator) https://www.microsoft.com/en-us/account/authenticator

            I've been searching for an exemple for a while, but most of the tutorials I found are about MVC CORE; I'm not using core, just regular MVC .Net Framework. Furthermore, the only tutorials I found using .Net framework were for Google authenticator, not Microsoft's one.

            The intended behavior would be the same as when I connect to office 365, first I enter my password in the web site, then I receive a notification on my cell phone (for exemple), by approving the connection, I can have access to web content.

            I'm still trying to figure out if this is even allowed, is Microsoft Authenticator only meant to be used for Microsoft developers or can we random developers use this app for our 2FA needs? Or is there a way to trigger the office 365 authentication windows?

            If yes, they don't seem eager to share any code or tutorial for MVC .net Framework. (I'm still searching)

            EDIT for comments:

            Microsoft auth .Net Core documentation:

            https://docs.microsoft.com/en-us/aspnet/core/security/authentication/mfa?view=aspnetcore-5.0

            Google auth with .Net framework documentation:

            https://medium.com/@henryhdelgado/2fa-with-google-authenticator-in-asp-mvc-4788c79c47

            ...

            ANSWER

            Answered 2021-Feb-10 at 18:50

            In short: you don't need to do anything (provided that your application authenticates users using OIDC, which it will do if you're using Azure Active Directory or Office 365 with your application). Just flip the switch in your organization's O365 or AAD settings to require TOTP/2FA.

            However, if your application is actually authenticating against on-prem AD (whether using Kerberos via the browser shell, or with "Forms authentication") and you can't make your web-application authenticate against AAD/O365 (not on-prem AD) and you don't have AD Federation working, then you're in for a world of pain because getting on-prem 2FA working is a massive undertaking that requires just as much work from your sysadmins as it does from you (and then your question would be closed for being "too broad", sorry!)

            Authenticating against AAD/O365 can be done using any OIDC client library, though Microsoft does make a purpose-built library available on NuGet which works in .NET Framework applications in addition to .NET Core: https://www.nuget.org/packages/Microsoft.Identity.Client/ (formerly https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/ )

            "Azure Active Directory" (AAD) is a misnomer btw, as it has very little to do with on-prem Active Directory. That said, if you're using Office 365 within your enterprise then you will already have AAD up-and-running - just be aware that it's still completely unrelated to Active Directory (as far as technology is concerned).

            Using AAD/O365 for SSO basically means using OIDC (whereas on-prem AD is Kerberos, not OIDC) - so any OIDC library can be used with AAD/O365. The TOTP/2FA part is handled entirely by AAD/O365 so you don't actually need to do anything in your own application to handle TOTP/2FA.

            Source https://stackoverflow.com/questions/66123661

            QUESTION

            Unit test stub for google authenticator barcode scanning using PHPUnit in Laravel
            Asked 2020-Jul-27 at 13:57

            Please help me to find out the solution.

            1. Does anyone know how to write a unit test stub using PHPUnit for scanning a barcode? FYI : In our application, two-factor authentication used(google authenticator). When users enter a valid username and password next screen displayed with barcode, we scan that barcode using the google-authenticator app on mobile then 6 digit code is generated, which we enter in web application then redirects to the home page.
            2. How to set a cookie while writing unit test stub for login?
            ...

            ANSWER

            Answered 2020-Jul-23 at 17:42
            1. Create an abstraction for your 2FA
            2. Make Google Authenticator the default implementation
            3. Create a fake implementation that suits your needs. This could be a fixed six digit code that is always valid or you make it configurable
            4. Swap the default implementation with the fake in your tests
            5. Test the scenarios you need to test in your login process
            6. Create a manual test to make sure that your Google Authenticator implementation is actually working

            I know this answer is rather abstract, but your question was not very concrete either. If you can provide more details, I'd be happy to go into it.

            Source https://stackoverflow.com/questions/63054409

            QUESTION

            CAS 6.2.x MFA Principal Attribute Trigger 'memberOf' Active Directory Not Working
            Asked 2020-Jul-20 at 14:52

            I have CAS 6.2.x running in Kubernetes building the image from this repo. I am passing in the cas.properties file via configmap.I have it wired up against Active Directory and am able to login with the Username/Password. I am now working to enable MFA with the Google Authenticator plugin. I have this working as well if I force the flow globally with the following:
            cas.authn.mfa.global-provider-id=mfa-gauth

            When I try to use the values described here for Multifactor Authentication: Principal Attribute Trigger it doesn't send me to the MFA flow. These are the settings that I have set:
            cas.authn.ldap[0].principalAttributeList=userPrincipalName,cn,givenName,sAMAccountName,memberOf
            cas.authn.mfa.global-principal-attribute-name-triggers=memberOf
            cas.authn.mfa.global-principal-attribute-value-regex=ForceMfa

            When I log in these are the values returned back for memberOf:

            memberOf
            [CN=Group2,OU=MyOu,DC=subdomain,DC=domain,DC=local, CN=Group1,OU=MyOu,DC=subdomain,DC=domain,DC=local, CN=ForceMfa,OU=MyOu,DC=subdomain,DC=domain,DC=local]
            Principal

            I used Misagh blog post as a guide.

            If I change the trigger and regex to sAMAccountName and my username it then works as expected. Not sure if I need to change the regex format to find the group name or if I just have something else wrong. It just seems like the regex is not finding a match for some reason as the settings seem to be working for me, just not with memberOf.

            Thank you

            ...

            ANSWER

            Answered 2020-Jul-20 at 14:52

            Consider switching this to:

            Source https://stackoverflow.com/questions/62798470

            QUESTION

            FreeRadius 3.0.13 + Google Auth + SSSD + Active Directory - Filter via AD security groups
            Asked 2020-Jul-09 at 01:17

            I am a newbie to FreeRadius, so my knowledge is not in-depth. I am trying to configure a central radius to handle any network based systems (switches, routers, firewalls, & VPN) to authenticate end-users when they are trying to SSH and/or VPN into the system. All of my equipment supports radius.

            Environment:

            • OS = CentOS 7
            • FreeRadius = 3.0.13
            • google-authenticator-libpam = 1.09
            • I did not post my config files as they are exactly covered by the reference link. I will post them in a follow-up post for ease of reading

            Reference: I followed this page to get the majority of the system operational (SSLVPN Two - Factor Authentication with Google Authenticator

            What is working:

            • Using radtest, I can authenticate with an AD based user with their AD password+OTP
            • Was able to get a network switch authenticate and access-accept reply message to include custom VSA for user group (used unlang within the post-auth area based only on the user-name). Not ideal but just for testing the concept.

            Next Steps (the question): I want to be able to ultimately decide if the end-user is granted access to VPN or switch via AD security groups. So from my understanding, I could perform this within the auth module or the post-auth. I believe the correct place would be in the post-auth possible using unlang (but correct me if this is not the general area to do this). I don't know how/where I need to perform the LDAP lookup to get the user-name AD security group info. In theory, once I have the user's name & group info, these can be used in multiple filters to declare if they get access to a group of systems. Thanks

            ...

            ANSWER

            Answered 2020-Jul-09 at 01:17

            So I figured out how to accomplish what I was trying to do.

            1. Configure /etc/raddb/clients.conf

            2. Add the option under each client of virtual_server = custom_vs01

            3. Duplicate (copy do not rename) /etc/raddb/sites-available/default to /etc/raddb/sites-available/custom_vs01

            4. Edit custom_vs01. Change the server block to match the file. orig: server default { new: server custom_vs01 {

            5. Change the port for the AUTH and ACCT to an actual port (E.g. 511812 & 511813)

            6. In the post-auth section; add unlang to look for LDAP group So basically if the authenticated user is not part of either of the AD groups, then we update the control and reject them from access

            Source https://stackoverflow.com/questions/62286306

            QUESTION

            HmacSHA1 different result in Node crypto and CryptoJS
            Asked 2020-May-18 at 19:03

            I am implementing two factor authentication with Google Authenticator in a NativeScript app starting from this implementation. Since Node's crypto module doesn't run inside NativeScript, I am trying to make it work with CryptoJS.

            This is the working Node code. The function returns a buffer with the correct value.

            ...

            ANSWER

            Answered 2020-May-18 at 19:03

            You are giving a Buffer to the crypto module, while you are giving a string to CryptoJS. Probably they do not handle the strings the same as Buffers. CryptoJS does not support a Buffer as input, only string and WordArray, so the trick is to convert your Buffer into a WordArray:

            Change the following line:

            Source https://stackoverflow.com/questions/61876649

            QUESTION

            Matching TOTP implementation with Google Authenticator
            Asked 2020-Apr-07 at 20:57

            (Solution) TL;DR: Google assumes the key string is base32 encoded; replacing any 1 with I and 0 with O. This must be decoded prior to hashing.

            Original Question

            I'm having difficulty having my code match up with GA. I even went chasing down counters +/- ~100,000 from the current time step and found nothing. I was very excited to see my function pass the SHA-1 tests in the RFC 6238 Appendix, however when applied to "real life" it seems to fail.

            I went so far as to look at the open source code for Google Authenticator at Github (here). I used the key for testing: "qwertyuiopasdfgh". According to the Github code:

            ...

            ANSWER

            Answered 2020-Apr-07 at 20:51

            I was tempted to make my own Android application to implement TOTP for my project. I did continue looking at the Java code. With aid of downloading the git repository and grep -R to find function calls I discovered my problem. To get the same pin codes as Google Authenticator the key is assumed to be base32 encoded and must be decoded prior to passing it to the hash algorithm.

            There was a hint of this in getEnteredKey() by replacing the 0 and 1 characters as these are not present in the base32 alphabet.

            Source https://stackoverflow.com/questions/61072406

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install google-authenticator

            You can download it from GitHub.
            PHP requires the Visual C runtime (CRT). The Microsoft Visual C++ Redistributable for Visual Studio 2019 is suitable for all these PHP versions, see visualstudio.microsoft.com. You MUST download the x86 CRT for PHP x86 builds and the x64 CRT for PHP x64 builds. The CRT installer supports the /quiet and /norestart command-line switches, so you can also script it.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/winglian/google-authenticator.git

          • CLI

            gh repo clone winglian/google-authenticator

          • sshUrl

            git@github.com:winglian/google-authenticator.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link