born05 / craft-twofactorauthentication

Craft plugin for two-factor or two-step login using Time Based OTP.
MIT License

Craft 3 support #7

Closed espensgr closed 5 years ago

espensgr commented 6 years ago

Hey,

Any ETA for plugin store?

roelvanhintum commented 6 years ago

@espensgr We are working on Craft 3 support, but since we are not yet running projects on Craft 3 there is not a lot of time I get to spend on this. I'm hoping to get the plugin done in April. We will submit it to the store the same day we get the release done.

espensgr commented 6 years ago

@roelvanhintum Good to know 👍

dowadidi commented 6 years ago

+1 😊

PRASS95 commented 6 years ago

+1

RichardJong commented 6 years ago

@roelvanhintum Thanks for the great work so far. Any idea if the launch of v3 is imminent? Otherwise we'll develop our own solution.

roelvanhintum commented 6 years ago

I'm working on it. I'm hoping to get things working today. Sorry for the insane delay. Luckily the Craft 3 docs are a lot better by now. 😄

roelvanhintum commented 6 years ago

Check 2.0.0-beta.1. It should be fully functional, I just didn't test it in a production environment yet! Please let me know if you have any problems!

dowadidi commented 6 years ago

Will do! Thank you!

RichardJong commented 6 years ago

Thanks for the beta! However the plugin doesn't enforce the use of the 2FA code for admin pages, because of https://github.com/craftcms/cms/issues/2473

Steps to reproduce:

  1. Set up 2FA for your account
  2. Log in with normal credentials
  3. Instead of entering 2FA code, go directly to http://yoursite/admin/dashboard
  4. You're fully logged in, despite not entering the 2FA code

Please correct me if I missed something.

roelvanhintum commented 6 years ago

@RichardFrontwise Just tried to reproduce the issue, but I got logged out as I was supposed to. Can you give me some specifics about your settings? Do you have a different admin path or domain?

RichardJong commented 6 years ago

Did a clean Craft install and the plugin works as expected! Discovered that the custom defaultCookieDomain in general.php causes the malfunction.

roelvanhintum commented 6 years ago

Thanks! Sounds like that should not influence the plugin. I will run some tests on changing the config:

RichardJong commented 6 years ago

Digging deeper: defaultCookieDomain results in a redirect loop. The login problem I described earlier is because another plugin has the checkPermission function in its init():

```php
if (Craft::$app->getUser()->checkPermission('performUpdates')) {
    # code...
}
```

roelvanhintum commented 6 years ago

OK, I'll look into hooking into this on a lower level. Right now it passes through authentication and logs out when the 2FA is not verified.
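
A simplified model of the behaviour described in the comment above (an added example, not code from the plugin or from Craft): when the password step already establishes a full identity and the 2FA check revokes it later in the request, code that runs earlier, such as another plugin's init(), sees a permitted user. The class, its method names and the request order are assumptions made for illustration; the `gated` variant withholds the identity until the second factor is verified.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class App:
    """Toy request pipeline; all names here are hypothetical, not Craft's API."""
    gated: bool                          # True: identity withheld until 2FA passes
    user: Optional[str] = None           # identity that permission checks see
    pending: Optional[str] = None        # password accepted, 2FA outstanding
    verified: bool = False
    init_saw: list = field(default_factory=list)

    def password_login(self, name: str) -> None:
        if self.gated:
            self.pending = name          # no identity yet
        else:
            self.user = name             # full identity before the second factor

    def verify_2fa(self, code_ok: bool) -> None:
        if not code_ok:
            return
        self.verified = True
        if self.gated and self.pending:
            self.user, self.pending = self.pending, None

    def check_permission(self, permission: str) -> bool:
        # Stand-in: any logged-in identity holds the permission.
        return self.user is not None

    def request(self, path: str) -> int:
        # 1. Another plugin's init() runs first, like the snippet in the thread.
        self.init_saw.append(self.check_permission("performUpdates"))
        # 2. The 2FA check runs later and revokes an unverified session.
        if self.user and not self.verified:
            self.user = None
        return 200 if self.user else 302  # 302: sent back to the login / 2FA form


def simulate(gated: bool, enter_code: bool = False):
    """Return (what the early permission check saw, final HTTP status)."""
    app = App(gated=gated)
    app.password_login("admin")          # constructed sample account
    if enter_code:
        app.verify_2fa(code_ok=True)
    status = app.request("/admin/dashboard")
    return app.init_saw[0], status
```

In both designs the unverified request ends in a redirect, but only the gated one keeps the early permission check from passing.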

roelvanhintum commented 6 years ago

@RichardFrontwise in beta 2 the redirect loop should be fixed. I couldn't move the rest of the logic to a lower level due to some limitations in Craft's routing structure.

RichardJong commented 6 years ago

Awesome, thanks! Discovered another issue: if you enable the debug toolbar in the Control panel, the post call of the 2FA returns a 403 Unauthorized.

roelvanhintum commented 6 years ago

Debug toolbar issue is discussed in #9