scheb / two-factor-bundle

[ABANDONED] Two-factor authentication for Symfony 2 & 3 applications 🔐. Please use the newer versions from https://github.com/scheb/2fa.
MIT License

impossible to go through page 2fa during login #302

Closed TheoDeberles closed 4 years ago

TheoDeberles commented 4 years ago

Hello

Bundle version: 4.18
Symfony version: 4.4.7

Description

Hello, I would like to integrate a 2fa in my project. After following the doc and adding this conf in my project, I don't go to page 2fa after logging in my user. Currently I do not see what is preventing the passage. Sometimes I also had a Symfony mistake: 'Google is not prepared

I give you the conf of my security.yml file

security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
        user_provider:
            entity:
                class: AppBundle\Entity\UserClient
                property: username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        admin:
            context: corum
            pattern: ^/admin
            provider: fos_userbundle
            form_login:
                check_path: fos_user_security_check
                login_path: /admin/login
                default_target_path: easyadmin
            logout:
                path: /admin/logout
                target: /admin
            anonymous: true
            logout_on_user_change: true
            switch_user: true

        main:
            context: corum
            provider: user_provider
            pattern: ^/
            user_checker: AppBundle\Security\UserChecker

            form_login:
                provider: user_provider
                login_path: /login
                check_path: /login
                csrf_token_generator: security.csrf.token_manager
                default_target_path: app_dashboard

            two_factor:
                provider: user_provider
                auth_form_path: /2fa
                check_path: /2fa_check
                default_target_path: app_dashboard
                multi_factor: false

            logout:
                path: /logout
                target: /

            anonymous: true
            logout_on_user_change: true
            switch_user: true

    encoders:
        bcrypt:
            algorithm: bcrypt
        argon2i:
            algorithm: argon2i

    role_hierarchy:
        ROLE_ASSET_MANAGER: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
        ROLE_ADMIN: ROLE_ASSET_MANAGER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    access_control:
       [.....]
      - { path: ^/, roles: [ROLE_TENANT, ROLE_PROVIDER] }
      - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }

scheb commented 4 years ago

Please follow the troubleshooting guide: https://github.com/scheb/two-factor-bundle/blob/4.x/Resources/doc/troubleshooting.md#two-factor-authentication-form-is-not-shown-after-login

TheoDeberles commented 4 years ago

Hello, thank you for your response. In version 4.4.7 of Symfony, is it this bundle link https://github.com/scheb/2fa? And if it's this bundle, when we try to add Google Authenticator we have the scheb_2fa.yml for the conf, but in this part https://github.com/scheb/2fa/blob/5.x/doc/providers/google.md#custom-authentication-form-template the conf file is different.

scheb commented 4 years ago

scheb/2fa is the newer version of this bundle (version 5). scheb/two-factor-bundle (version 4) also supports Symfony 4.4, but it is no longer actively developed. If possible, I'd recommend using the newer version from scheb/2fa.

> but in this part https://github.com/scheb/2fa/blob/5.x/doc/providers/google.md#custom-authentication-form-template the conf file is different

I don't see any difference. It's exactly the same as in version 4.

TheoDeberles commented 4 years ago

Ok, so actually we have installed the latest version previously recommended, but at this time we have too many redirects to 2fa after login.

[Image: Screenshot 2020-10-15 at 15 08 23]

scheb commented 4 years ago

This is probably the issue:

    access_control:
       [.....]
      - { path: ^/, roles: [ROLE_TENANT, ROLE_PROVIDER] }
      - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }

The ^/ path matches everything, so when Symfony is evaluating the rules one-by-one, it can never reach the rule for ^/2fa. Move that 2fa rule further up.
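
The first-match evaluation described in the comment above, as an added example that is not part of the original thread or of the bundle's code. The rule lists are constructed from the quoted `access_control` lines (the elided `[.....]` entries are unknown and left out); the function names and probe paths are hypothetical.

```python
import re

# Constructed rule lists modelled on the access_control section quoted above.
# The elided "[.....]" entries are unknown and are left out.
AS_POSTED = [
    (r"^/", ["ROLE_TENANT", "ROLE_PROVIDER"]),
    (r"^/2fa", ["IS_AUTHENTICATED_2FA_IN_PROGRESS"]),
]
REORDERED = [AS_POSTED[1], AS_POSTED[0]]  # specific 2fa rule first, catch-all last


def first_match(rules, path):
    """Return the index of the first rule whose pattern matches, or None."""
    for i, (pattern, _roles) in enumerate(rules):
        if re.search(pattern, path):
            return i
    return None


def required_roles(rules, path):
    """Attributes the winning rule demands for this path ([] if no rule matches)."""
    i = first_match(rules, path)
    return [] if i is None else rules[i][1]


def shadowed_rules(rules, probe_paths):
    """Patterns that match at least one probe path but never win for any of them."""
    winners = {first_match(rules, p) for p in probe_paths}
    return [
        pattern
        for i, (pattern, _roles) in enumerate(rules)
        if i not in winners and any(re.search(pattern, p) for p in probe_paths)
    ]


# Hypothetical probe paths: the two 2fa paths from the firewall config plus others.
PROBES = ["/", "/login", "/2fa", "/2fa_check", "/dashboard"]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name)
        for path in ("/2fa", "/dashboard"):
            print(f"  {path:<11} requires {required_roles(rules, path)}")
        print(f"  shadowed: {shadowed_rules(rules, PROBES)}")
```

With the posted order, `/2fa` is checked against the catch-all rule's roles and the `^/2fa` rule is reported as shadowed; with the 2fa rule first, each path reaches the rule meant for it.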

TheoDeberles commented 4 years ago

The 2fa page gives me a 404 error, and in the troubleshooting doc I do not know which case I am in.

scheb commented 4 years ago

Then there's no routing configured for that path. Check that you have configured a route for the 2fa form, which is connected to the controller from the bundle.

Example: https://github.com/scheb/two-factor-bundle/blob/4.x/Resources/doc/installation.md#step-3-define-routes

TheoDeberles commented 4 years ago

We resolved the problem when we configured the routes again in the correct order with the default controller. Thank you for your help.