cf-google-authenticator's People

Contributors

marcins

cf-google-authenticator's Issues

cf-google-authenticator

G'day - I'm just checking as to how current the Google Authenticator is with regards to the latest version of Google OTP and/or Coldfusion.

Bad Var

Change line 84 from

public string function getOneTimeToken (required string Secret, required numeric counter)

to

public string function getOneTimeToken (required string base32Secret, required numeric counter)

Internal Server Error 500 - CF9 on Win2k12 x64

Hi all,

I have installed the cf-google-authenticator on our win2k12 x64 cf9 server.

I received the following error message after clicking "Generate" on sample/sample_generate.cfm:


Invalid CFML construct found on line 126 at column 80.

ColdFusion was looking at the following text:
[

The CFML compiler was processing:

A script statement beginning with public on line 126, column 5.

The error occurred in D:\PATH\authenticator\authenticator\GoogleAuthenticator.cfc: line 126
125 : 
126 :     public string function generateKey (required string password, array salt = [])
127 :     {
128 :         if (arrayLen(salt) == 0)

Resources:
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser     Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Remote Address  1.2.3.4
Referrer    http://URL.org/authenticator/sample/sample_generate.cfm
Date/Time   31-Jul-16 03:47 PM
Stack Trace
at cfsample_generate2ecfm178615731.runPage(D:\PATH\authenticator\sample\sample_generate.cfm:26) 

coldfusion.compiler.ParseException: Invalid CFML construct found on line 126 at column 80.

I changed the following in authenticator\GoogleAuthenticator.cfc:

124 :    force_empty_salt = [];
125 :
126 :    public string function generateKey (required string password, array salt = force_empty_salt)

And voilà, I received the QR code.

SHA1 no longer allowed in some environments

Because of the crack of SHA1, NIST is now preventing its use on federal websites. I took a quick run at it but was unable to get it to work correctly. Maybe someone can figure out how to get this to work with SHA256 or SHA512?

InaccessibleObjectException Error On Coldfusion 2023

When testing this code on Coldfusion 2023, I received this error:

java.lang.reflect.InaccessibleObjectException: Unable to make public boolean com.sun.crypto.provider.PBKDF2KeyImpl.equals(java.lang.Object) accessible: module java.base does not "opens com.sun.crypto.provider" to unnamed module @21e45a6f

The error occurred in E:/Websites/AdminCopy23/Lib/cfc/Admin/Manage/authenticator/GoogleAuthenticator.cfc: line 140
138 : var keySpec = createObject("java", "javax.crypto.spec.PBEKeySpec").init(arguments.password.toCharArray(), salt, 128, 80);
139 : var secretKey = keyFactory.generateSecret(keySpec);
140 : return Base32encode(secretKey.getEncoded());
141 : }
142 :

From what I've read here:

https://stackoverflow.com/questions/41265266/how-to-solve-inaccessibleobjectexception-unable-to-make-member-accessible-m

This could be caused by the introduction of "Java Platform Module System that was introduced in Java 9, particularly its implementation of strong encapsulation. It only allows access under certain conditions, the most prominent ones are:

the type has to be public
the owning package has to be exported"

I'm puzzled in that this cfc works in CF 2018 which uses Java 10.

Clock synchronization

I've been using this component for over a year without any issue until today. Today I ran into an issue where the server was out-of-sync with the UTC clock by 10 seconds -- 10 seconds behind. This created an issue of failures because the token provided by the user was the next token as far as the component was concerned. I corrected this by adjusting the verifyGoogleToken function:

/**
* Verifies the submitted value from the user against the user secret, with optional grace for the last few
* token values
*
* @param base32secret the Base32 encoded shared secret key
* @param userValue the value that the user submitted
* @param grace the amount of previous tokens to allow (1 means allow the current, next, and last token value)
* @return a boolean whether the token was valid or not
*/
public boolean function verifyGoogleToken (required string base32Secret, required string userValue, numeric grace = 0)
{
    var result = false;
    for (var i = 0; i <= grace; i++)
    {
        result = result
                or (getGoogleToken(base32Secret, -i) == userValue)
                or (getGoogleToken(base32Secret, -i-120) == userValue)        // DST switch-over adjustment - an hour ago
                or (getGoogleToken(base32Secret, -i+120) == userValue);       // DST switch-over adjustment - an hour from now
    }
    if(!result)
    {
        // check for next token in case of clocks not being synchronized to the exact UTC millisecond - only kicks in if grace>0
        for (var i = 1; i <= grace; i++)
        {
            result = result
                    or (getGoogleToken(base32Secret, i) == userValue)
                    or (getGoogleToken(base32Secret, i-120) == userValue)     // DST switch-over adjustment - an hour ago
                    or (getGoogleToken(base32Secret, i+120) == userValue);    // DST switch-over adjustment - an hour from now
        }
    }
    return result;
}
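
Added example (Python, not part of the component or of the posts above), covering the two issues about SHA-256/SHA-512 and about clock drift: an RFC 6238 verifier with a selectable HMAC hash and a symmetric window of time steps around the server's clock. The function names, the `last_used` replay guard and the sample secret are assumptions made for the illustration.

```python
import base64, hashlib, hmac, struct, time

HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}

def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP value; RFC 6238 permits swapping HMAC-SHA1 for SHA-256/512."""
    mac = hmac.new(key, struct.pack(">Q", counter), HASHES[algo]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation uses the low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(base32_secret, user_value, now=None, window=1, step=30,
                digits=6, algo="sha1", last_used=-1):
    """Return the accepted time-step counter, or None if the code is rejected.

    window=1 accepts the previous, current and next step, which absorbs a
    server clock that runs a few seconds behind or ahead of the user's device.
    The counter is derived from UTC epoch seconds, so time zones and DST do
    not enter into it. last_used (hypothetical value stored by the caller)
    blocks replay of a code inside the widened window.
    """
    secret = base32_secret.replace(" ", "").upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))  # tolerate unpadded secrets
    current = int(time.time() if now is None else now) // step
    submitted = str(user_value).encode()
    accepted = None
    for drift in range(-window, window + 1):
        counter = current + drift
        if counter < 0:
            continue
        expected = hotp(key, counter, digits, algo).encode()
        # constant-time compare; keep looping so timing does not reveal the drift
        if hmac.compare_digest(expected, submitted) and counter > last_used:
            accepted = counter
    return accepted

if __name__ == "__main__":
    # Constructed sample: RFC 6238 test key, server clock at t=59, device 10 s ahead.
    raw_key = b"12345678901234567890"
    secret = base64.b32encode(raw_key).decode()
    device_code = hotp(raw_key, 69 // 30)
    print("window=0:", verify_totp(secret, device_code, now=59, window=0))
    print("window=1:", verify_totp(secret, device_code, now=59, window=1))
```

The authenticator app has to be provisioned with the same hash and digit count as the server, otherwise every code is rejected.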
