[GH-ISSUE #134] Null values on verifyKeyNewer regression #531

New issue

Closed

opened 2026-03-14 12:08:10 +03:00 by kerem · 1 comment

kerem commented 2026-03-14 12:08:10 +03:00

Owner

Copy link

Originally created by @williamhector on GitHub (Jan 28, 2020).
Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/134

When a user account is logging in for the first time and they don't yet have an old timestamp to provide to verifyKeyNewer, calling it doesn't get a new timestamp returned for next time either, only a true value.

This seems to have been previously addressed in #70 and 592ca6f021 and then regressed in ffdcb8231d with the change back to using is_null($oldTimestamp) in findValidOTP.

Current workaround for me is to check if the result of verifyKeyNewer is true and if so, set the user's 2fa timestamp to the result of getTimestamp.

Originally created by @williamhector on GitHub (Jan 28, 2020). Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/134 When a user account is logging in for the first time and they don't yet have an old timestamp to provide to `verifyKeyNewer`, calling it doesn't get a new timestamp returned for next time either, only a `true` value. This seems to have been previously addressed in #70 and 592ca6f021b950b2eb39a05ed33913613888d66d and then regressed in ffdcb8231d0a19d0cda9b188e799dd6b8d9014db with the change back to using `is_null($oldTimestamp)` in `findValidOTP`. Current workaround for me is to check if the result of `verifyKeyNewer` is `true` and if so, set the user's 2fa timestamp to the result of `getTimestamp`.

kerem closed this issue 2026-03-14 12:08:15 +03:00

kerem commented 2026-03-14 12:08:21 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Apr 4, 2020):

@williamhector, this is actually the behavior of findValidOTP, since forever:

https://github.com/antonioribeiro/google2fa/blob/8.x/src/Google2FA.php#L83

<!-- gh-comment-id:609044772 --> @antonioribeiro commented on GitHub (Apr 4, 2020): @williamhector, this is actually the behavior of `findValidOTP`, since forever: https://github.com/antonioribeiro/google2fa/blob/8.x/src/Google2FA.php#L83

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

9.x

fix-coverage

bump-to-version-9

10.x

reformat-code

add-linting

reorder-imports

8.x

install-php-84

test-on-php84

github-actions

master

7.x

pspstan

revert-124-123-google2fa_fix

v9.0.0

v8.0.3

v8.0.2

v8.0.1

8.0.0

v7.0.0

v6.1.3

v6.1.0

v6.0.1

v6.0.0

v4.0.2

v4.0.1

v5.0.0

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.0.1

v1.0.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.0

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/google2fa#531

No description provided.