search

maldua-suite / zimbra-ose-2fa

Two factor authentication for Zimbra OSE
13 stars 5 forks source link

shows me the key and not the qr code image #5

Closed G1anko closed 1 year ago

G1anko commented 1 year ago

It is very good! It only shows me the key and not the qr code image. Has the problem occurred to others? (Release 8.8.15_GA_3953.RHEL8_64_20200629025823 RHEL8_64 FOSS edition, Patch 8.8.15_P44.) noqr I had tried to install version 0.6.0 before... At the same time I have also installed Zimbra open source two factor authentication with PrivacyIDEA and it shows the qr code image. I tried in a virtual machine with all the same (Release 8.8.15_GA_3953.RHEL8_64_20200629025823 RHEL8_64 FOSS edition, Patch 8.8.15_P41 and at the same time 2FA PrivacyIDEA) and the image of the qr code appears! I must have changed something...

G1anko commented 1 year ago

With an update from P41 to P43, the qr image stopped appearing in the virtual machine as well. I installed 2FA again in the virtual machine and the qr image appeared.

adriangibanelbtactic commented 1 year ago

At the same time I have also installed Zimbra open source two factor authentication with PrivacyIDEA and it shows the qr code image.

Zimbra Open Source Two Factor Authentication with PrivacyIDEA project is a completely different project.

The 2FA codes are not saved into Zimbra itself but in PrivacyIDEA which has a 50 users limit in its open version. It is not compatible with this implementation.

So if you are going to use this zimbra-ose-2fa implementation you should remove manually the PrivacyIDEA one first.

adriangibanelbtactic commented 1 year ago

I had tried to install version 0.6.0 before...

As the documentation regarding Upgrade says you need to make sure to run:

su - zimbra -c 'zmzimletctl undeploy com_btactic_twofactorauth_qr'

before anything else.

adriangibanelbtactic commented 1 year ago

I tried in a virtual machine with all the same (Release 8.8.15_GA_3953.RHEL8_64_20200629025823 RHEL8_64 FOSS edition, Patch 8.8.15_P41 and at the same time 2FA PrivacyIDEA) and the image of the qr code appears! I must have changed something...

As you can see in the Additional notes the QR addon modifies some stock Zimbra files.

So, yes, it's expected that you re-run the installer when some of those files are being updated/overwritten by the Zimbra update.

If you want to make sure that everything is reinstalled again the procedure is the following one:

G1anko commented 1 year ago 
su - zimbra -c 'zmzimletctl undeploy com_btactic_twofactorauth_qr'

before anything else.

I've done it many times I will follow the instructions. Thanks!

adriangibanelbtactic commented 1 year ago

So, yes, it's expected that you re-run the installer when some of those files are being updated/overwritten by the Zimbra update.

I'll try to add a section about Zimbra upgrades so this is better explained.

adriangibanelbtactic commented 1 year ago 
su - zimbra -c 'zmzimletctl undeploy com_btactic_twofactorauth_qr'

before anything else.

I've done it many times I will follow the instructions. Thanks!

Yeah, hopefully the commands do the trick, otherwise you will have to figure out on your own what the PrivacyIdea installation changed on your system that it is now colliding/clashing with this implementation.

G1anko commented 1 year ago

Since the problem doesn't occur in the other VM with PrivacyIdea and Maldua running at the same time (the qr image appears fine in both), I wonder if the 0.6.0 version that was originally installed made changes that were not fixed by 0.7.0 Only these 3 zimbra files change? /opt/zimbra/jetty/webapps/zimbra/public/TwoFactorSetup.jsp /opt/zimbra/jetty/webapps/zimbra/js/Preferences_all.js /opt/zimbra/jetty/webapps/zimbra/js/Preferences_all.js.zgz

adriangibanelbtactic commented 1 year ago

Since the problem doesn't occur in the other VM with PrivacyIdea and Maldua running at the same time (the qr image appears fine in both)

That setup is not supported but ok.

I wonder if the 0.6.0 version that was originally installed made changes that were not fixed by 0.7.0

The only thing different about 0.6.0 is the QR zimlet which you have already undeployed so you should be fine.

Only these 3 zimbra files change? /opt/zimbra/jetty/webapps/zimbra/public/TwoFactorSetup.jsp /opt/zimbra/jetty/webapps/zimbra/js/Preferences_all.js /opt/zimbra/jetty/webapps/zimbra/js/Preferences_all.js.zgz

You can check what the installer does here: https://github.com/btactic/zimbra-ose-2fa/blob/v0.7.0/install.sh just in case I have missed anything.

adriangibanelbtactic commented 1 year ago

@G1anko Why you don't give a try to: https://github.com/btactic/zimbra-ose-2fa/issues/4#issuecomment-1787607097 ?

Maybe the most recent patch has updated some of the 2FA code and it's more similar to Zimbra 9/Zimbra 10 codebase. It's safe to test because that specific change should work for 8.8.15 too.

G1anko commented 1 year ago

I tried to clear the chrome cache today and the qr image appeared! I had a feeling I had tried it before I wrote to you, but it didn't work then. 0.6.0 seems to have left its mark on chrome... Maldua's 2fa works great! Sorry for the inconvenience! Thanks a lot for your time!

G1anko commented 1 year ago
  • Run the installer
cp /opt/zimbra/jetty/webapps/zimbra/public/TwoFactorSetup.jsp_2FAQR_COPY /opt/zimbra/jetty/webapps/zimbra/public/TwoFactorSetup.jsp
cp /opt/zimbra/jetty/webapps/zimbra/js/Preferences_all.js_2FAQR_COPY /opt/zimbra/jetty/webapps/zimbra/js/Preferences_all.js
cp /opt/zimbra/jetty/webapps/zimbra/js/Preferences_all.js.zgz_2FAQR_COPY /opt/zimbra/jetty/webapps/zimbra/js/Preferences_all.js.zgz
  • Run the installer again

but it is very likely also due to a recent oracle linux update or the above commands I gave again. I am confused... Maldua's 2fa works great!

adriangibanelbtactic commented 1 year ago

I tried to clear the chrome cache today and the qr image appeared! I had a feeling I had tried it before I wrote to you, but it didn't work then. 0.6.0 seems to have left its mark on chrome... Maldua's 2fa works great! Sorry for the inconvenience! Thanks a lot for your time!

Yes, you always have to make additional tests with a different Internet browser than the usual one and in incognito/private mode.

I'm glad it finally worked for you.