ChurchCRM / CRM

ChurchCRM is an OpenSource Church CRM & Management Software.
https://ChurchCRM.io
MIT License

User can't setup 2FA (no QR code displays). #6918

Closed dtritsch closed 6 months ago

dtritsch commented 6 months ago

Description

No QR code is displayed to complete 2FA setup after clicking "Begin Two Factor Authentication Enrollment" on page .../v2/user/current/enroll2fa.

Steps To Reproduce

Steps to reproduce the behavior:

📋 Cypress Recorder Results:

cy.visit('.../v2/dashboard');
cy.get('.dropdown:nth-child(6) > .nav-link').click();
cy.url().should('contains', '.../v2/user/current/enroll2fa');

Expected behavior

A QR code should display to enable the setup of two-factor authentication.

Screenshots and/or logs

📋 Relevant screenshots:

image

📋 Logs:

[2024-03-30T17:10:07.939728-05:00] slim-app.ERROR: Slim Application Error Type: Error Code: 0 Message: Call to undefined method Endroid\QrCode\QrCode::writeDataUri() File: .../api/routes/users/user-current.php Line: 25 Trace:
#0 .../vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(38): refresh2fasecret(Object(Laminas\Diactoros\ServerRequest), Object(Laminas\Diactoros\Response), Array)
#1 .../vendor/slim/slim/Slim/Routing/Route.php(358): Slim\Handlers\Strategies\RequestResponse->__invoke('refresh2fasecre...', Object(Laminas\Diactoros\ServerRequest), Object(Laminas\Diactoros\Response), Array)
#2 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(65): Slim\Routing\Route->handle(Object(Laminas\Diactoros\ServerRequest))
#3 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(65): Slim\MiddlewareDispatcher->handle(Object(Laminas\Diactoros\ServerRequest))
#4 .../vendor/slim/slim/Slim/Routing/Route.php(315): Slim\MiddlewareDispatcher->handle(Object(Laminas\Diactoros\ServerRequest))
#5 .../vendor/slim/slim/Slim/Routing/RouteRunner.php(68): Slim\Routing\Route->run(Object(Laminas\Diactoros\ServerRequest))
#6 .../ChurchCRM/Slim/Middleware/VersionMiddleware.php(14): Slim\Routing\RouteRunner->handle(Object(Laminas\Diactoros\ServerRequest))
#7 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(168): ChurchCRM\Slim\Middleware\VersionMiddleware->__invoke(Object(Laminas\Diactoros\ServerRequest), Object(Slim\Routing\RouteRunner))
#8 .../ChurchCRM/Slim/Middleware/AuthMiddleware.php(36): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(Laminas\Diactoros\ServerRequest))
#9 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(168): ChurchCRM\Slim\Middleware\AuthMiddleware->__invoke(Object(Laminas\Diactoros\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#10 .../vendor/slim/slim/Slim/Middleware/BodyParsingMiddleware.php(64): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(Laminas\Diactoros\ServerRequest))
#11 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\Middleware\BodyParsingMiddleware->process(Object(Laminas\Diactoros\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#12 .../vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(76): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(Laminas\Diactoros\ServerRequest))
#13 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\Middleware\ErrorMiddleware->process(Object(Laminas\Diactoros\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#14 .../vendor/slim/http-cache/src/Cache.php(67): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(Laminas\Diactoros\ServerRequest))
#15 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\HttpCache\Cache->process(Object(Laminas\Diactoros\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#16 .../vendor/slim/http-cache/src/Cache.php(67): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(Laminas\Diactoros\ServerRequest))
#17 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\HttpCache\Cache->process(Object(Laminas\Diactoros\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#18 .../vendor/slim/slim/Slim/MiddlewareDispatcher.php(65): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(Laminas\Diactoros\ServerRequest))
#19 .../vendor/slim/slim/Slim/App.php(199): Slim\MiddlewareDispatcher->handle(Object(Laminas\Diactoros\ServerRequest))
#20 .../vendor/slim/slim/Slim/App.php(183): Slim\App->handle(Object(Laminas\Diactoros\ServerRequest))
#21 .../api/index.php(76): Slim\App->run()
#22 {main} [] []

Debugging Steps

Developer tools log:

debug:1052 [Report Only] Refused to load the font 'data:application/x-font-ttf;charset=utf-8;base64,...' because it violates the following Content Security Policy directive: "font-src 'self' fonts.gstatic.com".

/api/system/background/csp-report:1 Failed to load resource: the server responded with a status of 406 ()

Desktop (please complete the following information):

DAcodedBEAT commented 6 months ago

It looks like this library changed the way this class is defined; the fix would be to find the analogous function in the new version of the library.
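
The failure reported in this thread can be picked out of the application log automatically. The following is an added example, not ChurchCRM code and not posted by anyone in the thread: it parses `slim-app` error entries in the shape shown above and reports "Call to undefined method" errors on classes outside the application's own namespace, together with the calling file and line. The sample entries are constructed, and the `ChurchCRM\` prefix for first-party classes and all function names are assumptions.

```python
import re
from collections import defaultdict

# Monolog-style header: "[timestamp] channel.LEVEL: body"
ENTRY_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<channel>[\w.-]+)\.(?P<level>[A-Z]+): (?P<body>.*)$")
# Fields the Slim error handler packs into the body, in the order seen in the report
FIELDS_RE = re.compile(r"Message: (?P<message>.*?) File: (?P<file>\S+) Line: (?P<line>\d+)")
UNDEFINED_RE = re.compile(r"Call to undefined method (?P<cls>[\w\\]+)::(?P<method>\w+)\(\)")

APP_NAMESPACE = "ChurchCRM\\"  # assumption: first-party classes live under this prefix

# Constructed sample entries in the shape of the reported log line (traces shortened).
SAMPLE_LOG = [
    r"[2024-03-30T17:10:01.000000-05:00] slim-app.INFO: Request handled [] []",
    r"[2024-03-30T17:10:07.939728-05:00] slim-app.ERROR: Slim Application Error Type: Error Code: 0 "
    r"Message: Call to undefined method Endroid\QrCode\QrCode::writeDataUri() "
    r"File: .../api/routes/users/user-current.php Line: 25 Trace: #0 {main} [] []",
    r"[2024-03-30T17:11:30.000000-05:00] slim-app.ERROR: Slim Application Error Type: Error Code: 0 "
    r"Message: Call to undefined method ChurchCRM\Example\Helper::render() "
    r"File: .../api/routes/example.php Line: 7 Trace: #0 {main} [] []",
    r"[2024-03-30T17:12:02.000000-05:00] slim-app.ERROR: Slim Application Error Type: Error Code: 0 "
    r"Message: Division by zero File: .../api/routes/example.php Line: 9 Trace: #0 {main} [] []",
]


def parse_undefined_call(raw):
    """Return details of a 'Call to undefined method' ERROR entry, or None for any other line."""
    entry = ENTRY_RE.match(raw.strip())
    if not entry or entry["level"] != "ERROR":
        return None
    fields = FIELDS_RE.search(entry["body"])
    undefined = UNDEFINED_RE.search(fields["message"]) if fields else None
    if not undefined:
        return None
    cls = undefined["cls"]
    return {"timestamp": entry["ts"], "callee": f"{cls}::{undefined['method']}",
            "site": f"{fields['file']}:{fields['line']}",
            "third_party": not cls.startswith(APP_NAMESPACE)}


def broken_dependency_calls(lines):
    """Map each undefined third-party method to the call sites that still invoke it."""
    sites = defaultdict(set)
    for hit in filter(None, map(parse_undefined_call, lines)):
        if hit["third_party"]:
            sites[hit["callee"]].add(hit["site"])
    return {callee: sorted(found) for callee, found in sites.items()}


if __name__ == "__main__":
    for callee, found in broken_dependency_calls(SAMPLE_LOG).items():
        print(f"{callee} is not defined in the installed package; callers: {', '.join(found)}")
```

Run against logs after every dependency upgrade, a non-empty result on an authentication route such as the 2FA enrollment endpoint means a security control is silently unavailable to users.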