yrccondor / wp-webauthn

🔒 WP-WebAuthn allows you to safely login to your WordPress site without password.
https://wordpress.org/plugins/wp-webauthn
GNU General Public License v3.0

[Bug] Double connection #6

Closed ghost closed 4 years ago

ghost commented 4 years ago

I have a little problem with it on my WordPress (latest version (05/09/20 (mm/dd/yyyy)) with PHP 7.3): I have to authenticate myself two times (I don't know why, but the first time always fails).

I don't know if I'm alone with this bug.

yrccondor commented 4 years ago

Hi, could you please tell me what authenticator and what browser you are using? I'm using the same version of WordPress and PHP but everything works fine.

ghost commented 4 years ago

I have registered YubiKeys (two of them) and the Windows 10 fingerprint. I'm using Vivaldi stable, latest version.

Is there a way to generate a log when we connect (if not, it would be nice for the next version)? That way we can send the log here to find the problem when we open an issue.

yrccondor commented 4 years ago

I've tested this plugin on the latest version of Vivaldi with my YubiKey; it worked fine on my site. It's strange. Unfortunately there is no way to generate a log currently, but I'm working on it.

Every authentication process will raise 2 AJAX requests. If it's possible, could you please tell me what the responses of those 4 requests are?

ghost commented 4 years ago

OK, I will check on that and post the content of these requests when I have done the check.

ghost commented 4 years ago

Only two requests done.

First : {"challenge":".......","rpId":".......","userVerification":"required","allowCredentials":[{"type":"public-key","id":"......."},{"type":"public-key","id":"......."},{"type":"public-key","id":"......."},{"type":"public-key","id":"......."}],"timeout":60000}

Second : Something went wrong.

ghost commented 4 years ago

I have tested without the userVerification; it's the same result.

yrccondor commented 4 years ago

I've updated the plugin with log feature. Please update to 1.0.7, if the problem still exists, you can post the log here.

ghost commented 4 years ago

Here I have redone the same with the log (I have replaced all the cryptographic data by ... for a more readable log).

First try (failed):

[2020-05-12 01:58:03][4cf0d8] ajax_auth: type => "auth", user => "testuser"
[2020-05-12 01:58:03][4cf0d8] ajax_auth: allowedCredentials => [{"type":"public-key","id":"..."},{"type":"public-key","id":"..."},{"type":"public-key","id":"..."}]
[2020-05-12 01:58:03][4cf0d8] ajax_auth: user_verification => "true"
[2020-05-12 01:58:03][4cf0d8] ajax_auth: Challenge sent
[2020-05-12 01:58:05][236a27] ajax_auth_response: Client response received
[2020-05-12 01:58:05][236a27] ajax_auth_response: type => "auth", user => "testuser"
[2020-05-12 01:58:05][236a27] ajax_auth_response: data => {"id":"...","type":"public-key","rawId":"...","response":{"authenticatorData":"...","clientDataJSON":"..."}}
[2020-05-12 01:58:05][236a27] ajax_auth_response: Challenge verified
[2020-05-12 01:58:05][236a27] ajax_auth_response: Log in user => "testuser"
[2020-05-12 01:58:05][236a27] ajax_auth_response: (ERROR)Too few arguments to function Two_Factor_Core::wp_login(), 1 passed in /volume1/web/wordpress/wp-includes/class-wp-hook.php on line 287 and exactly 2 expected
[2020-05-12 01:58:05][236a27] Traceback:
    1) /volume1/web/wordpress/wp-admin/admin-ajax.php(190): do_action('wp_ajaxnopriv...')
    2) /volume1/web/wordpress/wp-includes/plugin.php(478): WP_Hook->do_action(Array)
    3) /volume1/web/wordpress/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters('', Array)
    4) /volume1/web/wordpress/wp-includes/class-wp-hook.php(287): wwa_ajax_auth('')
[2020-05-12 01:58:05][236a27] ajax_auth_response: (ERROR)Challenge not verified, exit

Second try (connection success):

[2020-05-12 01:58:08][6d5afe] ajax_auth: type => "auth", user => "testuser"
[2020-05-12 01:58:08][6d5afe] ajax_auth: allowedCredentials => [{"type":"public-key","id":"..."},{"type":"public-key","id":"..."},{"type":"public-key","id":"..."}]
[2020-05-12 01:58:08][6d5afe] ajax_auth: user_verification => "true"
[2020-05-12 01:58:08][6d5afe] ajax_auth: Challenge sent
[2020-05-12 01:58:12][245571] ajax_auth_response: Client response received
[2020-05-12 01:58:12][245571] ajax_auth_response: type => "auth", user => "testuser"
[2020-05-12 01:58:12][245571] ajax_auth_response: data => {"id":"...","type":"public-key","rawId":"...","response":{"authenticatorData":"...","clientDataJSON":"..."}}
[2020-05-12 01:58:12][245571] ajax_auth_response: Challenge verified

yrccondor commented 4 years ago

It looks like the Two Factor plugin modified the login process and wp-webauthn conflicts with it. Two-factor authentication is unnecessary for those users that are using WebAuthn, but is needed by traditional password authentication. I'll check if it is possible to bypass the Two Factor plugin when authenticating with WebAuthn.
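To illustrate the conflict visible in the log above, here is an added PHP sketch (not wp-webauthn's code and not the change in 496443a): a custom login path that fires the `wp_login` action with one argument, beside the form that matches WordPress core's own `do_action( 'wp_login', $user_login, $user )` call. The function names and the listener body are hypothetical.

```php
<?php
// Added illustration only. WordPress core fires the `wp_login` action as
// do_action( 'wp_login', $user->user_login, $user ), so listeners may
// legitimately declare two parameters, as Two_Factor_Core::wp_login() does
// according to the "exactly 2 expected" error in the log.

// A 2FA-style listener registered for both arguments (body is hypothetical).
add_action( 'wp_login', function ( $user_login, $user ) {
    // ... per-login bookkeeping that needs the WP_User object ...
}, 10, 2 );

// Broken: the WebAuthn assertion has already been verified, the session
// cookie is issued, then the action is fired with only one argument.
// On PHP 7.1+ this raises an ArgumentCountError inside the listener
// ("Too few arguments ... 1 passed ... exactly 2 expected"), the AJAX
// handler dies, and the client sees a generic failure despite a valid assertion.
function example_login_after_webauthn_broken( WP_User $user ) {
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    do_action( 'wp_login', $user->user_login ); // missing second argument: $user
}

// Corrected: pass exactly what core passes, so every `wp_login` listener,
// including 2FA plugins, receives the arguments it was written against.
function example_login_after_webauthn( WP_User $user ) {
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    do_action( 'wp_login', $user->user_login, $user );
}
```

Note that in the broken variant the auth cookie is already set before the listener throws, so a fatal in a `wp_login` listener can leave a session established while the response reports an error; the repair is the argument list, not the ordering, since core also issues the cookie before firing the action.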

yrccondor commented 4 years ago

After installing Two Factor plugin, I reproduced the same problem. I'll try to fix it.

yrccondor commented 4 years ago

Fixed in 496443a

I've checked 4 popular 2FA plugins; everything works fine now. 1.0.8 will be released later.

ghost commented 4 years ago

I confirm it's fixed, thanks a lot for your help :)