How to deploy TwoFactorX to front-end / Login #2

Open
deJaya opened this issue Feb 5, 2024 · 7 comments

deJaya commented Feb 5, 2024

Hi, I'm just testing this and it's looking really great.

In terms of adding an Authentication Code field to the front-end login form provided by the Login Extra - I don't see any documentation on how to do this.

In GoogleAuthenticatorX we could add something like:

<label class="loginUsernameLabel">[[%gax.authkey? &namespace=`GoogleAuthenticatorX`]]
     <input class="loginUsername" type="text" name="token" />
</label>

Any advice on this?

Thanks


weboopl commented Apr 21, 2024

You can insert a 'code' field into LoginTpl like:
<input type="text" name="code"/>

but you still won't get logged in. However, calling preHooks=TwoFactorXLogin within the Login snippet seems to check for the Google Authentication Code and validate it, but does not let you log in even if the code is correct.

[[!Login?
  &preHooks=`TwoFactorXLogin`
]]

Can anyone solve this?


deJaya commented May 29, 2024

Hi again, thanks for your suggestions @weboopl. I see this is now reflected in the docs.

I've altered my Login call:

[[!login? &preHooks=`TwoFactorXLogin`]]

and added the following field to the login form tpl:

<input type="text" name="code" />

However, although the code field appears - in all cases I can log in without specifying the auth code - just supplying the user & password. Even supplying an incorrect code gets me logged in.

TwoFactorX is enabled and works as expected on the Manager login page.

I'd love to get this working - any help much appreciated.

MODX 3.0.5-pl
TwoFactorX 1.0.5-pl


deJaya commented May 30, 2024

In twofactorx\src\Snippets\LoginHook.php, line 50:

if (!$settings['totp_disabled'] && $settings['inonetime'] == 'yes') {

Is it possible that the logic here may be wrong?

Switching it to:

if (!$settings['totp_disabled'] && $settings['inonetime'] == 'no') {

appears to result in the expected behaviour.


deJaya commented May 30, 2024

Or perhaps inonetime does not need to be checked for front-end users?

if (!$settings['totp_disabled']) {


al5040 commented Jun 17, 2024

Hello deJaya,

In my opinion, the inonetime parameter should not be checked for front-end users.
The settings for individual users are extended parameters in the user profile. However, since these parameters are encrypted, checking their values is unfortunately not so easy.

Best regards


deJaya commented Jun 17, 2024

Switching line 50 to if (!$settings['totp_disabled']) { certainly works.


al5040 commented Jun 18, 2024

Yes, this works.

Checking the inonetime parameter in the hook should depend on the twofactorx.enable_onetime parameter in the system settings. However, that probably won't help either, because even though I enabled this parameter again, inonetime remains set to No. It's really one time.

Conclusion for me: it's best to leave onetime sign-on deactivated from the start.
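
Added example, not part of the thread and not TwoFactorX's code: a stand-alone model that runs the three conditions quoted above against the same wrong, empty and correct codes, to show in which cases a skipped gate lets a login through unchecked. The function names, the "skipped gate means login proceeds" behaviour, and the raw-byte RFC 6238 test secret are assumptions of this sketch.

```php
<?php
// Added illustration: models the three gate conditions quoted in this thread.
// It is NOT TwoFactorX's LoginHook.php; function names and the raw-byte secret
// are assumptions made for this sketch.

// RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits) over a raw binary secret.
function totp(string $secret, int $time, int $digits = 6): string
{
    $counter = pack('J', intdiv($time, 30));          // 64-bit big-endian step counter
    $hash    = hash_hmac('sha1', $counter, $secret, true);
    $offset  = ord($hash[19]) & 0x0F;                  // dynamic truncation (RFC 4226)
    $bin     = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Does the hook reach the code check at all, under each variant from the thread?
function gateOpen(array $s, string $variant): bool
{
    switch ($variant) {
        case 'original': return !$s['totp_disabled'] && $s['inonetime'] == 'yes';
        case 'flipped':  return !$s['totp_disabled'] && $s['inonetime'] == 'no';
        default:         return !$s['totp_disabled'];  // 'ungated'
    }
}

// true = login may proceed. Assumption: a skipped gate lets the login through unchecked.
function hookAllows(array $s, string $variant, string $code, string $secret, int $now): bool
{
    if (!gateOpen($s, $variant)) {
        return true;
    }
    return hash_equals(totp($secret, $now), $code);    // constant-time compare
}

$secret = '12345678901234567890';   // RFC 6238 test secret (constructed input)
$now    = 59;                       // RFC 6238 test time; 6-digit vector is 287082
foreach (['original', 'flipped', 'ungated'] as $variant) {
    foreach (['yes', 'no'] as $inonetime) {
        $s = ['totp_disabled' => false, 'inonetime' => $inonetime];
        printf("%-8s inonetime=%-3s wrong=%s empty=%s correct=%s\n", $variant, $inonetime,
            hookAllows($s, $variant, '000000', $secret, $now) ? 'ALLOWED' : 'denied',
            hookAllows($s, $variant, '', $secret, $now) ? 'ALLOWED' : 'denied',
            hookAllows($s, $variant, '287082', $secret, $now) ? 'allowed' : 'DENIED');
    }
}
```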
