Optionally configure discrepancy setting in 2FA verification

Steve Shipway 4 months ago • updated 4 months ago 1

When verifying a 2FA code, the discrepancy (time leeway for auth codes) is hardwired to +-1 (this is when calling verifyCode() from identify.php).  It would be helpful to be able to configure this from within TeamPass, since this gives very little leeway for devices with clock errors and slow typers.  Many places will use 2 or even 3 for this setting depending on their users.

Please can we add a configuration item to the 2FA settings to allow this to be changed from the default of 1.

E.G. something like this (but also needs the UI code for editing the setting of course)

            } else {
                // verify the user GA code
                if ($tfa->verifyCode($data['ga'], $dataReceived['GACode'],(isset($SETTINGS['ga_discrepancy'])?$SETTINGS['ga_discrepancy']:1))) {
                    $proceedIdentification = true;
                } else {
                    $proceedIdentification = false;
                    $logError = "ga_code_wrong";