Twofactor by Reflar

Kyrne

0.1.0-beta.2

It looks like one commit didn't get pushed to the repo for some reason, it was supposed to be included in the original version ?

Added a notification email for when a user enables 2fa (Supports Pretty-Mail ?)

XxPoNaGeXx

Whenever I scan a barcode in google auth app it says invalid barcode

Kyrne

XxPoNaGeXx try typing in the code manually, does it work

Edit: if you could provide me with your forum link I can do a quick test to see what is wrong.

XxPoNaGeXx

Kyrne Yes, this worked however barcode scanning isn't

Kyrne

XxPoNaGeXx see my edit

XxPoNaGeXx

Kyrne https://lgbtyouth.ga/

Kyrne

XxPoNaGeXx Hmm, I wasn't able to reproduce on your website. It scanned the bar code just fine, and I successfully enabled twofactor. Could you send me a screenshot of your twofactor barcode? (please regenerate your code after you send it to me for security reasons)

XxPoNaGeXx

Kyrne code removed

Kyrne

XxPoNaGeXx Hmm, even that one scanned fine into my phone. I don't think it is the extension's problem. Could be related to the app. (I'm using the official google authenticator app). Are you using iOS or Android?

XxPoNaGeXx

Kyrne I am using that app also ? on IOS

Kyrne

XxPoNaGeXx

0.1.0-beta.3

Fix iOS incompatibility

It is now very important you use https in tandem with this extension.

(Which you should be doing anyway because you are handling people's data)

XxPoNaGeXx

Kyrne how do I update?

Kyrne

XxPoNaGeXx run composer update reflar/twofactor in your Flarum root dir. If you have Bazaar give it 60 minutes to pull the update, then it should prompt you.

Kryonoglou

Can you make extension for phone verification on the register form?
I think this is very good idea.
Think about it. ?

tankerkiller125

Any option for U2F using the WebAuthn API in the future for those of us with U2F keys?

Kyrne

0.1.0-beta.4

Beta 8 Compatibility
Added UserEnabledTwoFactor event

Updating ⬆️

Make sure you are running Flarum beta 8, this update will not work on any other version
Run the follow commands (in this order) in your Flarum root directory:
- composer update reflar/twofactor
- php flarum migrate
- php flarum cache:clear

peopleinside

@Kyrne I made a question in another topic but you can reply here.

Will be nice be able to choose to receive two factor code by email without need an app and also maybe add as alternative method email in case the code in the app was loosed like when Google Authenticator are inaccessible or uninstalled without before remove the 2 factor.

Thanks for this extension.

Kyrne

peopleinside I am personally against email codes as they go to the same place as your password reset emails, which defeats the purpose of twofactor.

Funny you should bring this up now because I'm working on authy one touch would should hopefully help with the problem of losing access to Google authenticator.

In terms of getting back into admin, disable the extension from the settings table in mysql, and make sure to unblock the route in nginx.

Ninja edit: you should only disable it if you, or someone you can 100% verify it is themselves, a hacker may try to get you to disable it so they can get into an account.

peopleinside

Kyrne So if an user are unable to login because loose two factor code, admin seems unable to help.
Oh found need set the relative row in the user database profile from 2 to 0.

Seems at the moment when you activate two factor a red message say ops, error but refreshing the page two factor are activated 🙂

Kyrne

peopleinside that's the point, if you lose twofactor you can't login. Countless websites (Google, PayPal, teitrer, Facebook, GitHub) all say that if you lose access to twofactor you can't get into your account.

There are recovery coes however (but they look like they aren't generating for you) just in case you lose it.

Ralkage

Kyrne Let's not forget GitLab and how I got locked out of my original account 🤣 2FA is on Apple products as well.