andrej-griniuk / cakephp-two-factor-auth Goto Github PK
View Code? Open in Web Editor NEWTwo-factor authentication plugin
License: MIT License
Two-factor authentication plugin
License: MIT License
I'm currently working on a project that uses CakePHP 4.3 and uses this plugin. We are dependant on the isEnabled2faProperty
and version 3.0 doesn't have that one yet.
Update Release 3.0 to this commit so that's included in the 3.0 release as well.
Commit: aff450b as base of the 3.0 release.
PR that adds this feature: #18
If i need to create anything let me please know.
Thanks in advance.
In the FormAuthneticate.php you are using $response->location($verifyAction);
. The location is now deprecated and does not send over the Flash messages in the redirect.
Are you planning to update the framework according to the newer methods.
I tried to update my implementation of this plugin and it failed miserably.
After the secret value has been saved to the database, and the user tries to login again, there is the following error:
Fatal error: Call to a member function allow() on boolean in /vendor/andrej-griniuk/cakephp-two-factor-auth/src/Controller/TwoFactorAuthController.php on line 24
This seems to be due to the inaccessibility to the Auth Component in the TwoFactorAuth Controller. I was able to get a work around for this by implementing the following code in the TwoFactorAuth Controller:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth');
}
Cake : 4.2
This plugin : ^3.0
The CookieAuthenticator lookup for rememberMeField
in the login form but the intermediate TFA check form
remove this field from request::data.
Someone have an idea how to allow remember_me
checkbox on login form WITH this TFA plugin please ?
I try this code.
But when I scan QRcode in Authy or Google Authentificator, the code isn't equals to my code print.
$secret = "UBSZYUT3FBIGGDZR"; $code = $this->Auth->tfa->getCode($secret); echo "<img src='".$this->Auth->tfa->getQRCodeImageAsDataUri("Bahamas", $secret)."'/>"; echo $code . "<br/>"; echo $this->Auth->tfa->verifyCode($secret, "346259", 0) ? "OK" : "NOK<br/>"; echo $this->Auth->tfa->verifyCode($secret, $code, 0) ? "OK" : "NOK";
I have tried to change verifyAction
config when we loading component, but it did not work. I have found out that either readme or code is wrong (not sure at what level verifyAction should actually be)
From readme (it does not work)
$this->loadComponent('TwoFactorAuth.Auth', [
'authenticate' => [
'TwoFactorAuth.Form' => [
'fields' => [
'username' => 'username',
'password' => 'password',
'secret' => 'secret', // database field
'remember' => 'remember' // checkbox form field name for "Trust this device" feature
],
'remember' => true, // enable "Trust this device" feature
'cookie' => [ // cookie settings for "Trust this device" feature
'name' => 'TwoFactorAuth',
'httpOnly' => true,
'expires' => '+30 days'
],
'verifyAction' => [
'prefix' => false,
'controller' => 'TwoFactorAuth',
'action' => 'verify',
'plugin' => 'TwoFactorAuth'
],
],
],
]);
When I change config like below then in works fine
$this->loadComponent('TwoFactorAuth.Auth', [
'authenticate' => [
'TwoFactorAuth.Form' => [
'fields' => [
'username' => 'email',
'password' => 'password',
'secret' => 'secret', // database field
'remember' => 'remember' // checkbox form field name for "Trust this device" feature
],
'remember' => true, // enable "Trust this device" feature
'cookie' => [ // cookie settings for "Trust this device" feature
'name' => env('APP_NAME', null) . '_TwoFactorAuth',
'httpOnly' => true,
'expires' => '+30 days'
],
],
],
'verifyAction' => [
'prefix' => 'admin',
'controller' => 'Users',
'action' => 'verify',
],
]);
Should I update readme and send you pull request?
Please change the requirement
Thanks
I implemented this plugin as written in your documentation, but the app always returns an error message about the code entered.
My questions,
Hello!
I think I reached end of Internet looking over this error.
I installed fresh cakephp 3.4.5 on my server.
Installed your plugin.
Added database field, plugin loader in bootstrap.php, changed AppController.php.
I got this annoying error and I don't know what to do. Can you give me a hint on how to resolve this?
Thanks!
Hi.
How to access to users data (and his secret) within verify action?
I'd like to read usersecret and useremail but I havent in verify action..
I miss something?
public function verify()
{
$this->Authorization->skipAuthorization();
$this->request->allowMethod(['get', 'post']);
$secret="usersecret";
$secretDataUri = $this->TwoFactorAuth->getQRCodeImageAsDataUri('useremail', $secret);
$this->set(compact('secretDataUri'));
}
https://github.com/andrej-griniuk/cakephp-two-factor-auth/blob/master/src/Plugin.php
This is not a valid class name for 5.x
See docs
Should be YourPluginNamePlugin class
Hi guys i want to generate the code ($this->Auth->tfa->getCode()) after the username and password has validated, and send a email with this code, where i put my logic?
Hi,
I need to use verifyCode()
method in a controller, but there is no such a method in the component. It does exist on TwoFactorAuth
class. Why is that? How should do I verify the code?
I already loaded the component, so didn't want to create an object from TwoFactorAuth
.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.