Twofactor by Reflar

Kyrne · Jun 30, 2019

GoGLIKK ~~I think this is an iOS specific issue that I encountered in the old version of this ext which I believed I fixed I'll take a look into this.~~

Edit: upon looking at the photo for more than a milisecond (I rush sometimes) I noticed it's just straight up not a valid url I'll fix it soon.

[deleted] · Jul 24, 2019

@Kyrne noticed a recurring bug in Beta 9 with this extension

mithril.js:2191 POST https://discuss.guruwall.com/api/twofactor/login 400

{errors: [{status: "400", code: "csrf_token_mismatch"}]}
errors: [{status: "400", code: "csrf_token_mismatch"}]
0: {status: "400", code: "csrf_token_mismatch"}
code: "csrf_token_mismatch"
status: "400"

Any chance this can be fixed ?

peopleinside · Sep 18, 2019

Kyrne Hi, how i can add support for Italian?
I create request on GitHub ReFlar/twofactor9 will follow that

UUser39 · Oct 23, 2019

Is this still supported?

Another issue: when people enter the wrong password, they are not told it’s wrong but instead the thing spins infinitely and it looks like the page is frozen. It won’t confirm nor deny the login but just continues to show the spinner.

@Kyrne Any thoughts?

[deleted] · Oct 23, 2019

It would be a pity if it wasn't. I used to use this extension, and had to remove it owing to issues

UUser39 · Oct 27, 2019

[deleted] did you have other issues other than the one I posted?

[deleted] · Oct 27, 2019

User39 no. Same issues.

peopleinside · Oct 27, 2019

User39 Thanks i will unistall.
After the unsitall i am no more able to login "You don't have the right to do".
Nice extension.

[deleted] Has you been able to remove the extension and did you try to login in an incognito mode? I try to remove this extension but i soon i disable it and try to unistall no user are more able to login.

@Kyrne

Solution: need remove in the .htaccess file the added code indicate on the extension page:
https://github.com/ReFlar/twofactor

[deleted] · Oct 27, 2019

peopleinside you'll need to modify the.htaccess file and remove the entries the extension requires

UUser39 · Oct 27, 2019

I hope @Kyrne is able to fix this. Otherwise it's an awesome extension. Just the login really does need to be fixed or else I don't think it'll be usable.

[deleted] · Dec 17, 2019

@Kyrne I'm curious to know if this plugin will get pulled into the FoF ecosystem and re-released as stable ?

Thanks

peopleinside · Dec 17, 2019

[deleted] to me seems to be died at the moment. I cannot use

[deleted] · Dec 17, 2019

peopleinside Yes - a pity. I may well fork this

Kyrne · Dec 17, 2019

[deleted] peopleinside User39

0.1.3

Fix for permission denied freezing the page
Speed up notification for permission denied

To update run composer update reflar/twofactor in your Flarum root dir

peopleinside · Dec 17, 2019

Kyrne Thank you

Kyrne · Dec 17, 2019

peopleinside no problem, don't forget to readd the htaccess rules!

[deleted] · Dec 17, 2019

Kyrne omg... Thanks !

[deleted] · Dec 18, 2019

@Kyrne there still seems to be an issue with this extension. It's the same problem I reported before - see below

return [
    'up' => function (Builder $schema) {
        if (!$schema->hasColumn('users', 'twofa_enabled')) {
            $schema->table('users', function (Blueprint $table) {
                $table->boolean('twofa_enabled')->default(0);
                $table->string('google2fa_secret');
                $table->string('recovery_codes')->nullable;
            });
        }
        $schema->table('users', function (Blueprint $table) {
            $table->string('phone');
            $table->string('text_code');
            $table->string('pageId');
        });
    },
  'down' => function (Builder $schema) {
      $schema->table('users', function (Blueprint $table) {
          $table->dropColumn('google2fa_secret');
          $table->dropColumn('twofa_enabled');
          $table->dropColumn('recovery_codes');
          $table->dropColumn('phone');
          $table->dropColumn('text_code');
          $table->dropColumn('carrier');
      });
  },
  ];

These database entries are not being created, and there are no errors in the log. I'm still working through this, but my installation fails to work. The QR code when scanned says it's an invalid format, and the recovery codes are also missing.

[deleted] · Dec 18, 2019

Another issue - even if I create the fields from scratch in the database, I still get

Next Illuminate\Database\QueryException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twofa_enabled' in 'field list' (SQL: update `users` set `twofa_enabled` = 1, `google2fa_secret` = ############ where `id` = 1) in /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/illuminate/database/Connection.php:664
Stack trace:
#0 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/illuminate/database/Connection.php(624): Illuminate\Database\Connection->runQueryCallback('update `users` ...', Array, Object(Closure))
#1 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/illuminate/database/Connection.php(490): Illuminate\Database\Connection->run('update `users` ...', Array, Object(Closure))
#2 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/illuminate/database/Connection.php(423): Illuminate\Database\Connection->affectingStatement('update `users` ...', Array)
#3 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/illuminate/database/Query/Builder.php(2659): Illuminate\Database\Connection->update('update `users` ...', Array)
#4 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/illuminate/database/Eloquent/Builder.php(818): Illuminate\Database\Query\Builder->update(Array)
#5 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/illuminate/database/Eloquent/Model.php(729): Illuminate\Database\Eloquent\Builder->update(Array)
#6 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/illuminate/database/Eloquent/Model.php(644): Illuminate\Database\Eloquent\Model->performUpdate(Object(Illuminate\Database\Eloquent\Builder))
#7 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/reflar/twofactor/src/TwoFactor.php(88): Illuminate\Database\Eloquent\Model->save()
#8 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/reflar/twofactor/src/Api/Controllers/VerifyCodeController.php(49): Reflar\twofactor\TwoFactor->prepareTOTP2Factor(Object(Flarum\User\User))
#9 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Api/Controller/AbstractSerializeController.php(96): Reflar\twofactor\Api\Controllers\VerifyCodeController->data(Object(Zend\Diactoros\ServerRequest), Object(Tobscure\JsonApi\Document))
#10 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/RouteHandlerFactory.php(38): Flarum\Api\Controller\AbstractSerializeController->handle(Object(Zend\Diactoros\ServerRequest))
#11 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/DispatchRoute.php(65): Flarum\Http\RouteHandlerFactory->Flarum\Http\{closure}(Object(Zend\Diactoros\ServerRequest), Array)
#12 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\DispatchRoute->process(Object(Zend\Diactoros\ServerRequest), Object(Closure))
#13 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/fof/pwned-passwords/src/Middleware/CheckPasswordReset.php(55): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#14 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): FoF\PwnedPasswords\Middleware\CheckPasswordReset->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#15 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/fof/pwned-passwords/src/Middleware/CheckLoginPassword.php(45): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#16 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): FoF\PwnedPasswords\Middleware\CheckLoginPassword->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#17 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/fof/pwned-passwords/src/Middleware/PreventPwnedPassword.php(42): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#18 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): FoF\PwnedPasswords\Middleware\PreventPwnedPassword->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#19 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/fof/stopforumspam/src/Middleware/RegisterMiddleware.php(94): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#20 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): FoF\StopForumSpam\Middleware\RegisterMiddleware->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#21 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/fof/terms/src/Middlewares/RegisterMiddleware.php(54): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#22 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): FoF\Terms\Middlewares\RegisterMiddleware->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#23 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/SetLocale.php(50): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#24 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\SetLocale->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#25 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/CheckCsrfToken.php(31): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#26 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\CheckCsrfToken->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#27 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/AuthenticateWithHeader.php(55): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#28 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithHeader->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#29 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/AuthenticateWithSession.php(32): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#30 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#31 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/RememberFromCookie.php(51): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#32 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\RememberFromCookie->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#33 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/StartSession.php(61): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#34 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\StartSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#35 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Api/Middleware/FakeHttpMethods.php(29): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#36 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Api\Middleware\FakeHttpMethods->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#37 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/ParseJsonBody.php(28): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#38 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\ParseJsonBody->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#39 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Middleware/HandleErrors.php(57): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#40 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\HandleErrors->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#41 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#42 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/middlewares/request-handler/src/RequestHandler.php(84): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#43 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\RequestHandler->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#44 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/middlewares/base-path-router/src/BasePathRouter.php(97): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#45 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePathRouter->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#46 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Middleware/OriginalMessages.php(41): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#47 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Zend\Stratigility\Middleware\OriginalMessages->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#48 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/middlewares/base-path/src/BasePath.php(53): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#49 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePath->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#50 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#51 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(72): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\EmptyPipelineHandler))
#52 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/zendframework/zend-httphandlerrunner/src/RequestHandlerRunner.php(95): Zend\Stratigility\MiddlewarePipe->handle(Object(Zend\Diactoros\ServerRequest))
#53 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/vendor/flarum/core/src/Http/Server.php(44): Zend\HttpHandlerRunner\RequestHandlerRunner->run()
#54 /var/www/vhosts/phenomlab.com/forum.phenomlab.com/index.php(22): Flarum\Http\Server->listen()
#55 {main}

Despite the fields in the user table actually existing ??

[deleted] · Dec 18, 2019

Seems there's also an error with the SQL statement used

update 'users' set 'twofa_enabled' = 1, 'google2fa_secret' = GBAJQ4V454XDDOW3 where id = '1'

This doesn't work as quotes are missing - it should be

update 'users' set 'twofa_enabled' = 1, 'google2fa_secret' = 'GBAJQ4V454XDDOW3' where id = '1'