Closed jozefrebjak closed 2 years ago
Yes, it is working nicely.
I tried to find where I have something wrong, but I can't find it. I noticed there is probably a mistake in a comment within the file /src/Config/Auth.php:
- register: Shield\Authentication\Actions\EmailActivate
There is no EmailActivate action, but there is an EmailActivator action within /src/Authentication/Actions, so I changed it to the correct action, but nothing changed. It seems like some kind of problem with registering an action. Magic link is working as expected for me, but email verification and 2FA are not. @lonnieezell I tried it with Bonfire2 and it's the same for me.
I found an issue. We need to specify correct actions like:
Wrong
- login: Shield\Authentication\Actions\Email2FA
- register: Shield\Authentication\Actions\EmailActivate
Correct
- login: Sparks\Shield\Authentication\Actions\Email2FA
- register: Sparks\Shield\Authentication\Actions\EmailActivator
Email2F is working for me now. But how do we get EmailActivator to work? How can we get $user = auth()->user(); if we are not logged in within /src/Authentication/Actions/EmailActivator.php?
@lonnieezell We are getting the error: Attempt to read property "id" on null, because there is no logged-in user, which makes sense because we want to check the user before login with the email code.
@nowackipawel How is it working nicely for you?
@lonnieezell I can see another problem with Email2F. We can skip the whole 2F by just changing the URL, because the user is already logged in. The whole 2F flow is triggered after logging in. OK, we have typed the correct username and password, but if we want to use 2F, we need to change something in the database to not allow the user to access the application without the 2F code.
@jozefrebjak that's a good point. We save that information as an identity for the user, so it sounds like we need to check that during the controller filter. I've got some other stuff taking up my time for the next few days but can hopefully start to look into it by the end of the week, unless someone else submits a PR for that first.
@lonnieezell I'm trying to implement Shield into my project. Bonfire2 is helping me a lot, but there are also some bugs. I'll try to submit some PRs to improve both projects. I'm using myth-auth in production, but Shield looks better to me now. Nobody likes the 2F, but nowadays it's a must; the public internet is a dangerous place.
Ok so, there is some fix. I will be working on it to extend / improve it. Anyway, it looks like the most important use case is fixed.
I planned to use better checks in some cases, i.e. class_implements to check if the config field class is the right one in the chain filter, but in fact we should expect the developer to configure everything correctly according to the architecture delivered by @lonnieezell.
> Email2F is working for me now. But how do we get EmailActivator to work? How can we get $user = auth()->user(); if we are not logged in within /src/Authentication/Actions/EmailActivator.php?
> @lonnieezell We are getting the error: Attempt to read property "id" on null, because there is no logged-in user, which makes sense because we want to check the user before login with the email code.
> @nowackipawel How is it working nicely for you?
In fact EmailActivator did not, but now it seems to work - I updated changes to my repo - you could try it out to give me feedback or better wait for @lonnieezell to accept my PR #40
@lonnieezell I updated to version with new commits from you, but I'm still not happy with behaviour within 2FA. I will try to explain it better:
Step 1
logout from app. I believe that auth session is cleared.

Step 2
login with 2FA enabled with action Email2FA
/auth/a/show with asking me to send code to provided email, but we already have session up, because we can view email in form input because of helper function auth()->user()->email
0 email_password what seems ok

Step 3
http://localhost/auth/a/show to http://crm/admin and I'm not getting any redirect to auth/a/show route as should be expected. In AuthSession is added
    // If user is in middle of an action flow
    // ensure they must finish it first.
    $user = auth('session')->user();
    $identity = auth('session')->user()->getIdentity('email_2fa');
    if ($identity instanceof UserIdentity) {
        $action = config('Auth')->actions['login'];
        if ($action) {
            session()->set('auth_action', $action);
            return redirect()->route('auth-action-show')->with('error', lang('Auth.need2FA'));
        }
    }
but how can we get that redirect if an identity with email_2fa type doesn't exist in the database within the /auth/a/show route view.
I have extended actions and controller so maybe I'm missing something.
@lonnieezell I submitted PR https://github.com/lonnieezell/codeigniter-shield/pull/41, which will solve the problem with actions. Another problem is email_2fa within getIdentity, because email_2fa doesn't exist with Step 1 and we can still skip 2FA.
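The check discussed in the comments above, as an added example that is not Shield's code and not written by anyone in this thread: the pending email_2fa state is recorded server-side at password login, and a filter consults it on every protected request. The class and function names, the /login path and the sample user id are hypothetical; it needs PHP 8 for str_starts_with.

```php
<?php
// Hypothetical model of gating requests on a pending login action (not Shield's API).
final class PendingActions
{
    private array $rows = []; // userId => [type => hash of the emailed code]

    public function create(int $userId, string $type): string
    {
        $code = (string) random_int(100000, 999999);
        $this->rows[$userId][$type] = password_hash($code, PASSWORD_DEFAULT);
        return $code; // would be emailed to the user, never rendered in a response
    }

    public function has(int $userId, string $type): bool
    {
        return isset($this->rows[$userId][$type]);
    }

    public function verify(int $userId, string $type, string $code): bool
    {
        $hash = $this->rows[$userId][$type] ?? null;
        if ($hash === null || !password_verify($code, $hash)) {
            return false;
        }
        unset($this->rows[$userId][$type]); // only a correct code clears the gate
        return true;
    }
}

// Filter step for every protected route: returns a redirect path, or null to continue.
function gate(PendingActions $pending, ?int $userId, string $path): ?string
{
    if ($userId === null) {
        return '/login';
    }
    // The action routes must stay reachable, otherwise the redirect loops.
    if (str_starts_with($path, '/auth/a/')) {
        return null;
    }
    return $pending->has($userId, 'email_2fa') ? '/auth/a/show' : null;
}

$pending = new PendingActions();
$userId  = 7; // constructed sample user
var_dump(gate($pending, $userId, '/admin'));       // gate consulted before any pending row exists
$code = $pending->create($userId, 'email_2fa');    // row written as part of password login
var_dump(gate($pending, $userId, '/admin'));       // gate consulted while the row exists
var_dump($pending->verify($userId, 'email_2fa', 'wrong-code'));
var_dump($pending->verify($userId, 'email_2fa', $code));
var_dump(gate($pending, $userId, '/admin'));       // gate consulted after verification
```

The first call models the state described in the thread: when no email_2fa row has been written by the time the session is usable, the filter has nothing to match and the request goes through.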
Sorry about that - should be fixed now.
@lonnieezell perfect. Email 2FA is now working!
@jozefrebjak Awesome! Back in town now and will be tightening up Email Verification also. Which should get us ready for a 1.0 launch.
If Force email verification after registration is enabled it will redirect after register form to auth/a/show route, but it return
The same behaviour with Force 2FA check after login