App not working across timezones #171
Comments
|
does you phone and your server are both timezone aware? because normally PHP's time command (which is pretty substancial to this because totp uses the linux timestamp, which is UTC by definition) only throws problems with U2F if the time isnt proper. I would suggest to throw a test php file which essentially just contains <?php
echo (time());
?>and compare that to a live linux timestamp which you got from some website. also, of course if your smartphone doesnt have the correct timezone set, it will fail instead with generating the code because it cannot know the correct UTC if you have the wrong timezone set. |
|
Hello, I also double checked my smartphone and the timezone is correct (and set automatically). Cheers |
|
okay this is really weird, you server throws the right unix time so the server doesnt have any timezone fails and your phone seems to be correct too. although it certainly works fine for the server I use and I honestly dont even know where that thing is standing around @ChristophWurst is there some kind of debug option we could try to trace the problem? the last thing that it could be is that the secret is wrong, which might happen in case you may have ticked the thing off and on again (maybe it also might happen if the plugin gets disabled on an update, although I didnt try that), the best bet is now to try to tick it off, delete your TOTP entries for the cloud in your app and re-setup the whole thing. |
If you mean something like tell my why this OTP is invalid, no, I'm afraid that's not supported by the upstream library we use. |
|
well that's kinda sad, would be awesome if we could just slap an echo (or var_dump) to the values it throws into the HMAC and compare that to whatever we actually have on the phone, that's at least what I usually do when I have problems. @kworm1 could you maybe give me a user (no storage or anything required except of course totp) and try a few things? essentially just playing around with the TOTP |
|
Hmm,
it actually works now. I hate this, but I can't really tell you what made
it work.
I recreated and re-synced the secrets a number of times. I also uninstalled
and reinstalled the app. I might also have switched phone, but I am not
entirely sure about that.
I will be sure to let you know if it reappears, but for now it seems to be
working.
Thanks for your help and sorry for the sudden fix without reason.
cheers
…On 12 May 2017 at 23:21, My1 ***@***.***> wrote:
well that's kinda sad, would be awesome if we could just slap an echo to
the values it throws into the HMAC and compare that to whatever we actually
have on the phone, that's at least what I usually do when I have problems.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#171 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGoaKwoLLZZ0Jla1OoTbylrKswgwCzboks5r5FzJgaJpZM4NO3-f>
.
|
|
I can't confirm this. Sitting in India now my server is in Europe, TOTP is working on my testing an my production settup fine. |
This bug is unexpected to me so maybe there is another explanation.
The situation:
I have a nextcloud server in Europe
My smartphone (and I) are in Australia
The problem:
The TOTP is not accepted and login is not allowed
I have tried with google authenticator and FreeOTP. Same problem in both cases.
I have checked the clock synchronisations between server and phone. They are perfectly synchronised.
However they are in very different timezones. I would have assumed that both your nextcloud app and FreeOTP/Google Authenticator used UTC as their timebase, but perhaps I am wrong.
If so, may I suggest if possible to use UTC as the timebase?
The text was updated successfully, but these errors were encountered: