marionnewlevant / craft-snitch

Craft plugin. Report when two people might be editing the same entry, category, or global
MIT License

2FA not working with Snitch enabled #19

Closed bliswebagency closed 3 years ago

bliswebagency commented 3 years ago

Hi,

We recently encountered the same problem as this issue #11 with the latest version of Snitch.

After login and on the 2FA verification screen, it fails with a "Login Required" exception while verifying the 2FA code via an ajax request. Disabling Snitch fixes the issue, with the exception no longer occurring and 2FA continuing as normal.

Plugins and Craft version:

Craft CMS Pro 3.5.9
snitch 3.0.2
two-factor-authentication 2.6.3

weotch commented 3 years ago

Experiencing this as well on Snitch 3.0.3.

Here's the exception that is thrown when trying to login with https://github.com/born05/craft-twofactorauthentication:

2020-10-15 17:31:37 [-][-][-][error][yii\web\HttpException:403] yii\web\ForbiddenHttpException: Login Required in /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/yiisoft/yii2/web/User.php:456
Stack trace:
#0 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/craftcms/cms/src/web/Controller.php(267): yii\web\User->loginRequired()
#1 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/craftcms/cms/src/web/Controller.php(154): craft\web\Controller->requireLogin()
#2 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/yiisoft/yii2/base/Controller.php(178): craft\web\Controller->beforeAction(Object(yii\base\InlineAction))
#3 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/craftcms/cms/src/web/Controller.php(189): yii\base\Controller->runAction('login-process', Array)
#4 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('login-process', Array)
#5 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/craftcms/cms/src/web/Application.php(274): yii\base\Module->runAction('two-factor-auth...', Array)
#6 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/craftcms/cms/src/web/Application.php(577): craft\web\Application->runAction('two-factor-auth...', Array)
#7 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/craftcms/cms/src/web/Application.php(253): craft\web\Application->_processActionRequest(Object(craft\web\Request))
#8 /Users/reinhard/Work/Clif Bar - Next/craft-cms/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))
#9 /Users/reinhard/Work/Clif Bar - Next/craft-cms/web/index.php(21): yii\base\Application->run()
#10 /Users/reinhard/.composer/vendor/laravel/valet/server.php(191): require('/Users/reinhard...')
#11 {main}
2020-10-15 17:31:37 [-][-][-][info][application] $_GET = [
    'p' => 'admin/actions/two-factor-authentication/verify/login-process'
]

$_POST = [
    'authenticationCode' => '504287'
]

Rolling back to Snitch 2.1.2 did not fix the issue for me, either.

espensgr commented 3 years ago

We are getting the same error. Any ETA on a fix here?

marionnewlevant commented 3 years ago

Attempting to recreate - could I have more details on how 2fa is set up, what you are doing in what order, etc?

espensgr commented 3 years ago

Could you help Marion with this, @roelvanhintum, to be able to squash this bug? I don't have enough knowledge about either plugin.

roelvanhintum commented 3 years ago

The 2fa plugin logs the user out on any cp request done before the 2fa code is entered. I'm guessing the snitch plugin does an ajax call before the code is entered, resulting in logged out users.

roelvanhintum commented 3 years ago

There is no way that I know of to change the way authentication itself works in craft, so I'm using this mechanism to catch any "unauthorized" calls to the control panel.

marionnewlevant commented 3 years ago

Fixed for 3.0.4
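
The interaction described in the thread, modelled as an added example (not code from Snitch, the 2FA plugin or Craft): a session guard that ends the session on any control panel request made before the second factor is verified, and a background Ajax poll that trips it. The verify route is taken from the log above; the poll route, session id and authentication code are constructed placeholders.

```javascript
// Added illustration of the fail-closed guard and the background request that trips it.
const VERIFY_ROUTE = 'admin/actions/two-factor-authentication/verify/login-process'; // from the log
const POLL_ROUTE = 'admin/actions/example-poller/check'; // hypothetical background Ajax poll
const EXPECTED_CODE = '000000'; // constructed sample code

class ControlPanel {
  constructor() { this.sessions = new Map(); }

  // Password step succeeded: the session exists but the second factor is still pending.
  passwordLogin(sid) { this.sessions.set(sid, { secondFactorDone: false }); }

  handle(sid, route, body = {}) {
    const session = this.sessions.get(sid);
    if (!session) return { status: 403, message: 'Login Required' };
    if (session.secondFactorDone) return { status: 200, message: 'OK' };
    if (route !== VERIFY_ROUTE) {
      // Guard: any other control panel request before verification ends the session.
      this.sessions.delete(sid);
      return { status: 403, message: 'Login Required' };
    }
    if (body.authenticationCode !== EXPECTED_CODE) {
      return { status: 401, message: 'Invalid code' };
    }
    session.secondFactorDone = true;
    return { status: 200, message: 'Verified' };
  }
}

// Runs one login and returns the responses in order.
// pollBeforeVerify models a plugin's Ajax call firing while the 2FA screen is shown.
function login(pollBeforeVerify) {
  const cp = new ControlPanel();
  const sid = 'sid-1'; // constructed session id
  cp.passwordLogin(sid);
  const trace = [];
  if (pollBeforeVerify) trace.push(cp.handle(sid, POLL_ROUTE));
  trace.push(cp.handle(sid, VERIFY_ROUTE, { authenticationCode: EXPECTED_CODE }));
  trace.push(cp.handle(sid, POLL_ROUTE)); // the same poll once verification has been attempted
  return trace;
}

console.log('poll before verify:', login(true).map(r => `${r.status} ${r.message}`));
console.log('no early poll:     ', login(false).map(r => `${r.status} ${r.message}`));
```

With the early poll, the correct code is still rejected with 403 "Login Required" because the session was already destroyed, which matches the exception in the log.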