Two factor authentication plugin problem

Post a reply


This question is a means of preventing automated form submissions by spambots.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Expand view Topic review: Two factor authentication plugin problem

Re: Two factor authentication plugin problem

by slid3r » Tue May 04, 2021 9:51 am

Hi there, it's me again.

This time it's another problem, but it keeps occuring only with those users who have 2fa enabled. It leads to the website hanging displaying "There has been a critical error on this website". Below is the log from WP e-mail notification. There is also an iThemes Security plugin installed and I guess it's combination with 2fa and your plugin induces the problem (particularly login-interstitial part).

Would appreciate any help.

Code: Select all

Error Details
=============
An error of type E_ERROR was caused in line 246 of the file /home/sites/12b/4/4ed27b4da4/public_html/wp-content/plugins/better-wp-security/core/lib/class-itsec-lib-login-interstitial.php. Error message: Uncaught Error: Call to undefined method stdClass::exists() in /home/sites/12b/4/4ed27b4da4/public_html/wp-content/plugins/better-wp-security/core/lib/class-itsec-lib-login-interstitial.php:246
Stack trace:
#0 /home/sites/12b/4/4ed27b4da4/public_html/wp-includes/class-wp-hook.php(292): ITSEC_Lib_Login_Interstitial->wp_login('gianni@ig-fest....', Object(stdClass))
#1 /home/sites/12b/4/4ed27b4da4/public_html/wp-includes/class-wp-hook.php(316): WP_Hook->apply_filters(NULL, Array)
#2 /home/sites/12b/4/4ed27b4da4/public_html/wp-includes/plugin.php(484): WP_Hook->do_action(Array)
#3 /home/sites/12b/4/4ed27b4da4/public_html/wp-content/plugins/wp-w3all-phpbb-integration/class.wp.w3all-phpbb.php(606): do_action('wp_login', 'gianni@ig-fest....', Object(stdClass))
#4 /home/sites/12b/4/4ed27b4da4/public_html/wp-content/plugins/wp-w3all-phpbb-integration/class.wp.w3all-phpbb.php(17): WP_w3all_phpbb::verify_phpbb_credentials()
#5 /home/sites/12b/4/4ed27b4da4/public_html/wp-includes/class-wp-hook.php(292): WP_w3all_phpbb::w

Re: Two factor authentication plugin problem

by DjPorkchop73 » Wed Apr 21, 2021 1:33 am

Sorry to barge in here suddenly but I use this one, https://www.simbahosting.co.uk/s3/produ ... ntication/ (free version not paid) and I do not have such an issue.

I believe 1 time emergency codes is paid version as well as the HOTP (event based) feature. I currently use the TOTP (time based - most common algorithm; used by Google Authenticator) and I have no issues at all.

Ok back out I go now. Have a fantastic evening all!

Re: Two factor authentication plugin problem

by slid3r » Sun Apr 18, 2021 5:11 pm

As I said initial solution suits me, but thank you for your thoughts about this matter. I am sure it would be helpful for other users.
Still though, hope that the first fix (with "validate_2fa" condition) will be added to the next update.

Re: Two factor authentication plugin problem

by axew3 » Sat Apr 17, 2021 7:56 pm

Ok, but sorry, i need to return over, and maybe an option (since two not useful otions will be removed on next 2.4.5 plugin admin) can be added about this.
And thinking on it, but not tested, i assume that:
1) the first edit into open /wp-content/plugins/wp-w3all-phpbb-integration/class.wp.w3all-phpbb.php
should not be required, but only the one into wp_w3all.php file https://www.axew3.com/w3/forums/viewtop ... 5233#p5233
this should cover any used two factor method, because the subsequent login hook is not executed until second check not completed. AT this time the 2factor plugin login the user and fire wp_login hook, so the phpBB session being released.


2) the user will be anyway able to login into phpBB after pass reset, despite double confirmation still not checked. Or you'll need to allow user's logins only in WP side, to have always the correct result with users that could try to login in phpBB instead. Ways are more than one.
To resolve this would be necessary to setup the user as not active or with a rand pass (that the user will not know, updated to the good one only after) into phpBB, until confirmation not executed.

Re: Two factor authentication plugin problem

by slid3r » Sat Apr 17, 2021 6:55 pm

axew3 wrote:
Sat Apr 17, 2021 5:50 pm

add this code:

Code: Select all

  if( isset( $_GET['action'] ) && $_GET['action'] == 'validate_2fa' ){
  	return;
  }
this has been tested using for an user, the 2fa by email first option, do not know if activating others available options, the name of the var change, so that you should change action OR/AND validate_2fa.
Thank you so much, it worked like a charm. Didn't expect such an expedited answer, I appreciate that!

axew3 wrote:
Sat Apr 17, 2021 5:50 pm
p.s .... ahhh ... but maybe the user will be logged in anyway on forum at first authentication.
axew3 wrote:
Sat Apr 17, 2021 6:21 pm
as above mentioned, read the previous post, and the flow to work fine with this, also require another thing.
axew3 wrote:
Sat Apr 17, 2021 6:21 pm
into this:
CODE: SELECT ALL

//$phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu);
This thing didn't work quite well— before I enter 2fa the user is not logged in yet into phpbb, so this part is ok. But after I enter 2fa, I am not logged in anywhere.
Anyway, the case where user is logged into phpbb without 2fa entered is not such critical as the previous one. So I am already happy with the initial answer. Thank you!

Re: Two factor authentication plugin problem

by axew3 » Sat Apr 17, 2021 5:50 pm

Ok, just installed the one you say: https://wordpress.org/plugins/two-factor/

open /wp-content/plugins/wp-w3all-phpbb-integration/class.wp.w3all-phpbb.php

just after this code:

Code: Select all

private static function verify_phpbb_credentials(){
  global $w3all_config, $wpdb, $w3cookie_domain, $w3all_anti_brute_force_yn, $w3all_bruteblock_phpbbulist, $w3all_phpbb_lang_switch_yn, $useragent, $wp_w3all_forum_folder_wp, $w3all_profile_sync_bp_yn, $w3all_add_into_wp_u_capability;
add this code:

Code: Select all

  if( isset( $_GET['action'] ) && $_GET['action'] == 'validate_2fa' ){
  	return;
  }
this has been tested using for an user, the 2fa by email first option, do not know if activating others available options, the name of the var change, so that you should change action OR/AND validate_2fa.

In case let know if something still do not work your side-

...and more fixes for several problems i've find out, and new additions, on coming very soon 2.4.5 releasing it next week.

p.s .... ahhh ... but maybe the user will be logged in anyway on forum at first authentication.
So in this case ... let see, a moment

Re: Two factor authentication plugin problem

by slid3r » Sat Apr 17, 2021 5:08 pm

I just checked with all the other available 2fa plugins, and it's all the same. Is there any possible sollution?

Two factor authentication plugin problem

by slid3r » Sat Apr 17, 2021 1:25 pm

Hello!

I am facing a problem with two factor authentication plugin: https://wordpress.org/plugins/two-factor/

When the user has 2 factor enabled, then when he logs into the wp, he is shown 2fa dialogue to enter the code. But at the same time he is already loged into phpbb. This causes a strange loop — when user enters the authenticatin code, it won't let him in, and would show the same field again. And what's worst, the user can't enter any other page on the website, whatever page he visits, there is always a 2fa dialogue asking him to enter a code.

Nothing can't be done, until cookies are deleted or user logs out from the phpbb. But it doesn't solve the issue that the user can't see anything else on the page. Hope you would help me with that.

Top