Blesta Addons Posted December 2, 2017 Report Posted December 2, 2017 after upgrade to v4, i have noticied that no one can add two factor identification, i have tested with a test account , and every time i get The one-time password entered is invalid. Quote
0 Tyson Posted December 4, 2017 Report Posted December 4, 2017 I don't think the timezone should have an effect on this issue since the time comparison is relative to UTC. This type of issue usually arises because the server time is no longer synced with the current actual time. For example, if the time is currently 08:00 but your server time is 07:55, the server time is 5 minutes slow, so while clients will generate a OTP based on 08:00, it will be compared against a different OTP from 07:55 by the server. This time drift will cause the OTP to be rejected if it is more than +/- 3 minutes from current time. activa 1 Quote
0 Blesta Addons Posted December 2, 2017 Author Report Posted December 2, 2017 i was able to add it in chrome !!! but we can't login from client login page, and every time we enter the onetime code we get The one-time password entered is invalid. Quote
0 Blesta Addons Posted December 3, 2017 Author Report Posted December 3, 2017 in other blesta installation it work, it has a time set to UTC +00:00 (UTC) . the otehr installation the time set to UTC Africa/Casablanca . is this can be the issue? as i don't see any date conversion in Users->addOtp() . Quote
0 Blesta Addons Posted December 4, 2017 Author Report Posted December 4, 2017 all our new clients cannot use the two factor identification, they all receive the error "The one-time password entered is invalid." test in all browsers and no effect . the old account also if they logout the can't login again and they recieve a invalid onetime password . Please is urgent and trivial. Quote
0 Tyson Posted December 4, 2017 Report Posted December 4, 2017 Is your server time accurate? If it's off by even a couple minutes the one time password will not be accepted. Quote
0 Blesta Addons Posted December 4, 2017 Author Report Posted December 4, 2017 2 hours ago, Tyson said: Is your server time accurate? If it's off by even a couple minutes the one time password will not be accepted. i checked and i found the server time is also set to Africa/Casablanca. what pist or debug i need to do? now a lot of claim from clients, they can't access their account, Quote
0 Blesta Addons Posted December 5, 2017 Author Report Posted December 5, 2017 13 hours ago, Tyson said: For example, if the time is currently 08:00 but your server time is 07:55, the server time is 5 minutes slow, so while clients will generate a OTP based on 08:00, it will be compared against a different OTP from 07:55 by the server. This time drift will cause the OTP to be rejected if it is more than +/- 3 minutes from current time. i will check this and return to you. Quote
0 Blesta Addons Posted December 5, 2017 Author Report Posted December 5, 2017 22 hours ago, Tyson said: For example, if the time is currently 08:00 but your server time is 07:55, the server time is 5 minutes slow, so while clients will generate a OTP based on 08:00, it will be compared against a different OTP from 07:55 by the server. This time drift will cause the OTP to be rejected if it is more than +/- 3 minutes from current time. that was the cause, thanks, resolved . Tyson and Paul 2 Quote
Question
Blesta Addons
after upgrade to v4, i have noticied that no one can add two factor identification, i have tested with a test account , and every time i get
The one-time password entered is invalid.
8 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.