Closed tonymilne closed 5 years ago
Hi @tonymilne unfortunately i don't have any experience with CloudFront. I know it's a CDN. Does it cache responses or interfere with sessions?
Can you disable forceBackEnd
and login with 2FA enabled for your user? I want to know for sure it's the extra screen that causes the CloudFront redirect loop.
Yeah, we created an environment variable to control the forceBackEnd
config and have turned it off until we can work out why it's causing us an issue.
Might not be the screen (template) itself, but it might be something that is around the logic of getting to that point - my absolutely wild guess is maybe it is being tripped up here (and being logged out?): https://github.com/born05/craft-twofactorauthentication/blob/fc566b4ae0437cf1c3ded68e738bfd1fbf02f74b/src/services/Request.php#L28
Any thoughts?
I also wonder if it has anything to do with the index.php?p= approach, where as our other urls are not using that url/querystring approach.
@tonymilne can you login using 2FA when forceBackEnd
is off? Or do you use the login without 2FA?
The urls the plugin uses should be generated. For our own projects we have omitScriptNameInUrls
set for prettier urls, i'm guessing this is similar to your setup.
The logic you referred to does trigger the logout, but that is intended to prevent users to pass without 2FA (without that piece of logic the plugin would be useless).
The snippet came from an older version of the plugin, are you sure you are using the latest release? At this moment the plugin is at 2.1.1 which is build for craft 3.1.
@tonymilne do you still run into this?
Fixed in 2.2.0
Unsure why, but when our website is behind AWS CloudFront it causes a redirect loop back to the /admin/login page rather than going to the force enable 2FA page when we have
forceBackEnd=true
.When we test locally or direct to the ElasticBeanstalk instance, it all works.
Do you have any insight or advice on what might be causing this or how we might approach debugging it?