Closed iapparatus closed 4 years ago
@iapparatus sorry for the delay. I'm looking into this today.
@iapparatus the slash prefixing the path is causing it not to match. Can you try the following?
'frontEndPathBlacklist' => [
    '*' => ['protected'],
],
Same goes for verifyPath and settingsPath.
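A check for the mistake diagnosed above, as an added example that is not part of the thread or the plugin's own code: it walks the three settings named in the reply and reports every path entry that begins with a slash. The function names and sample config values are constructed for illustration, and the handling of both plain strings and nested per-site arrays is an assumption, since the thread only shows the shape of frontEndPathBlacklist.

```php
<?php
// Added example, not code from the plugin. Setting names come from the
// thread; function names and the sample config values are constructed.

/**
 * Recursively collect path entries that start with a slash.
 * Accepts a plain string or nested (per-site) arrays (assumed shapes).
 * Returns [location in config => offending value].
 */
function findLeadingSlashPaths($value, string $trail): array
{
    if (is_string($value)) {
        return strpos($value, '/') === 0 ? [$trail => $value] : [];
    }
    $found = [];
    if (is_array($value)) {
        foreach ($value as $key => $child) {
            $found += findLeadingSlashPaths($child, $trail . '[' . $key . ']');
        }
    }
    return $found;
}

/** Check only the three path settings mentioned in the thread. */
function lintTwoFactorPaths(array $config): array
{
    $found = [];
    foreach (['frontEndPathBlacklist', 'verifyPath', 'settingsPath'] as $setting) {
        if (isset($config[$setting])) {
            $found += findLeadingSlashPaths($config[$setting], $setting);
        }
    }
    return $found;
}

// Constructed config reproducing the mistake: slash-prefixed entries do not
// match, so the pages they name are not held behind the verify step.
$config = [
    'frontEndPathBlacklist' => ['*' => ['/protected', 'members']],
    'verifyPath' => '/protected/verify',
    'settingsPath' => 'account/two-factor',
];

foreach (lintTwoFactorPaths($config) as $where => $path) {
    printf("%s: '%s' -> use '%s'\n", $where, $path, ltrim($path, '/'));
}
```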
Thanks, that solved the issue.
Hello, @roelvanhintum
First-time user here. I am having a similar issue on Craft 2 / Plugin v1.20. When on the verify code screen, I can hit the back button and the home page will load. Is there a code change in recent versions/Craft 3 which could be backported to Craft 2 to ensure no page can load until Verify code?
@tonyclemmey the Craft 2 plugin didn't have support for front-end login. For Craft 3 the plugin is rewritten for the most part. You could add your own validation to a custom plugin similar to what we're doing here: https://github.com/born05/craft-twofactorauthentication/blob/craft-2/TwoFactorAuthenticationPlugin.php#L55
You can even use the services from the plugin, so customization would be minimal. It is also discussed in #2 and #8 in case I'm missing something here.
I'm probably missing something but it seems like I'm able to get around 'Verify Code' screen after logging in simply by returning to the url that initiated the login.
Example:
This URL requires login: /protected
After entering credentials I'm redirected to /protected/verify
Returning to /protected lets me see the page
My config file:
Craft CMS 3.1.34.3
Two-Factor Authentication Plug-In: 2.2.0