andrej-griniuk / cakephp-two-factor-auth Goto Github PK

I'm currently working on a project that uses CakePHP 4.3 and uses this plugin. We are dependant on the isEnabled2faProperty and version 3.0 doesn't have that one yet.

Update Release 3.0 to this commit so that's included in the 3.0 release as well.

Commit: aff450b as base of the 3.0 release.

PR that adds this feature: #18

If i need to create anything let me please know.

Thanks in advance.

In the FormAuthneticate.php you are using $response->location($verifyAction);. The location is now deprecated and does not send over the Flash messages in the redirect.

Are you planning to update the framework according to the newer methods.

I tried to update my implementation of this plugin and it failed miserably.

After the secret value has been saved to the database, and the user tries to login again, there is the following error:

Fatal error: Call to a member function allow() on boolean in /vendor/andrej-griniuk/cakephp-two-factor-auth/src/Controller/TwoFactorAuthController.php on line 24

This seems to be due to the inaccessibility to the Auth Component in the TwoFactorAuth Controller. I was able to get a work around for this by implementing the following code in the TwoFactorAuth Controller:

public function initialize()
{
	parent::initialize();
	$this->loadComponent('Auth');
}

Cake : 4.2
This plugin : ^3.0

The CookieAuthenticator lookup for rememberMeField in the login form but the intermediate TFA check form remove this field from request::data.

Someone have an idea how to allow remember_me checkbox on login form WITH this TFA plugin please ?

I try this code.
But when I scan QRcode in Authy or Google Authentificator, the code isn't equals to my code print.
$secret = "UBSZYUT3FBIGGDZR"; $code = $this->Auth->tfa->getCode($secret); echo "<img src='".$this->Auth->tfa->getQRCodeImageAsDataUri("Bahamas", $secret)."'/>"; echo $code . "<br/>"; echo $this->Auth->tfa->verifyCode($secret, "346259", 0) ? "OK" : "NOK<br/>"; echo $this->Auth->tfa->verifyCode($secret, $code, 0) ? "OK" : "NOK";

I have tried to change verifyAction config when we loading component, but it did not work. I have found out that either readme or code is wrong (not sure at what level verifyAction should actually be)

From readme (it does not work)

        $this->loadComponent('TwoFactorAuth.Auth', [
            'authenticate' => [
                'TwoFactorAuth.Form' => [
                    'fields' => [
                        'username' => 'username',
                        'password' => 'password',
                        'secret' => 'secret', // database field
                        'remember' => 'remember' // checkbox form field name for "Trust this device" feature
                    ],
                    'remember' => true, // enable "Trust this device" feature
                    'cookie' => [ // cookie settings for "Trust this device" feature
                        'name' => 'TwoFactorAuth',
                        'httpOnly' => true,
                        'expires' => '+30 days'
                    ],
                    'verifyAction' => [
                        'prefix' => false,
                        'controller' => 'TwoFactorAuth',
                        'action' => 'verify',
                        'plugin' => 'TwoFactorAuth'
                    ],
                ],
            ],
        ]);

When I change config like below then in works fine

        $this->loadComponent('TwoFactorAuth.Auth', [
            'authenticate' => [
                'TwoFactorAuth.Form' => [
                    'fields' => [
                        'username' => 'email',
                        'password' => 'password',
                        'secret' => 'secret', // database field
                        'remember' => 'remember' // checkbox form field name for "Trust this device" feature
                    ],
                    'remember' => true, // enable "Trust this device" feature
                    'cookie' => [ // cookie settings for "Trust this device" feature
                        'name' => env('APP_NAME', null) . '_TwoFactorAuth',
                        'httpOnly' => true,
                        'expires' => '+30 days'
                    ],
                ],
            ],
            'verifyAction' => [
                'prefix' => 'admin',
                'controller' => 'Users',
                'action' => 'verify',
            ],
        ]);

Should I update readme and send you pull request?

Please change the requirement
Thanks

I implemented this plugin as written in your documentation, but the app always returns an error message about the code entered.

My questions,

• what do we save in the secret db field, the generated secret code?
• in which step do we generate that code, I tried when the status is TWO_FACTOR_AUTH_REQUIRED.
• is it possible to get only a 6-digit numeric code?

Hello!

I think I reached end of Internet looking over this error.
I installed fresh cakephp 3.4.5 on my server.
Installed your plugin.
Added database field, plugin loader in bootstrap.php, changed AppController.php.

I got this annoying error and I don't know what to do. Can you give me a hint on how to resolve this?

Thanks!

Hi.
How to access to users data (and his secret) within verify action?
I'd like to read usersecret and useremail but I havent in verify action..

I miss something?

public function verify()
{
$this->Authorization->skipAuthorization();
$this->request->allowMethod(['get', 'post']);
$secret="usersecret";
$secretDataUri = $this->TwoFactorAuth->getQRCodeImageAsDataUri('useremail', $secret);
$this->set(compact('secretDataUri'));
}

https://github.com/andrej-griniuk/cakephp-two-factor-auth/blob/master/src/Plugin.php

This is not a valid class name for 5.x
See docs

Should be YourPluginNamePlugin class

Hi guys i want to generate the code ($this->Auth->tfa->getCode()) after the username and password has validated, and send a email with this code, where i put my logic?

Hi,
I need to use verifyCode() method in a controller, but there is no such a method in the component. It does exist on TwoFactorAuth class. Why is that? How should do I verify the code?

I already loaded the component, so didn't want to create an object from TwoFactorAuth.