born05 / craft-twofactorauthentication

Craft plugin for two-factor or two-step login using Time Based OTP.
MIT License

Invalid auth code / password reset after 2FA login / redirects back to the login screen #76

Closed Romanavr closed 1 year ago

Romanavr commented 1 year ago

Craft Pro 4.4.6.1, Two-Factor Authentication 3.1.0, PHP version 8.1.16

I ran into some problems and it would be nice if there were a solution:

  1. Invalid auth code: In some cases, newly registered users are unable to log in to the admin panel due to an invalid code. Even after time synchronization ("Time correction for codes") in the Google Auth application, it still says that the authorization code is invalid. Any idea what it could be? Not sure if this is a problem with the plugin; I saw the totpDelay parameter, I suppose it might help?

  2. Password reset after 2FA login: Another case. The user can log in, the authorization code is valid, but after that it redirects to the CP login screen with the error about "Invalid credentials", and the previous password is no longer valid. I don't know what exactly is happening, but the password definitely changes after entering the 2FA code, because the previous one is no longer valid.

  3. Redirects back to the login: Previously I got this issue https://github.com/born05/craft-twofactorauthentication/issues/70 and after upgrading to Craft 4.x it seems to happen again. I'm assuming this could be related to the second case somehow? The fix for me is the same: just clear the browser storage.

roelvanhintum commented 1 year ago

Is this fixed with 3.3.0?

Edit: 3.3.1

Romanavr commented 1 year ago

> Is this fixed with ~3.3.0~?
>
> Edit: 3.3.1

I'll update the plugin and let you know.

Romanavr commented 1 year ago

@roelvanhintum Still doesn't work. In the inspector I can see a 400 response after typing the code from the app.

roelvanhintum commented 1 year ago

@Romanavr it could be that a new code is generated. Did you rescan the QR code?

Romanavr commented 1 year ago

> @Romanavr it could be that a new code is generated. Did you rescan the QR code?

Of course, I re-scanned and tried with the new code, even more than once.

Romanavr commented 1 year ago

@roelvanhintum Just letting you know: the problem occurs when 2FA is not yet set up for the account. If 2FA is already there, there is no problem with the login.

roelvanhintum commented 1 year ago

Let's move this to one issue, #84, to hopefully solve the issue faster.