Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using email MFA behind VPN with private-range IP addresses results in exception #444

Closed
basilgohar-asmresearch opened this issue Oct 20, 2023 · 1 comment
Closed

Using email MFA behind VPN with private-range IP addresses results in exception #444

basilgohar-asmresearch opened this issue Oct 20, 2023 · 1 comment

Comments

@basilgohar-asmresearch
Copy link

basilgohar-asmresearch commented Oct 20, 2023
edited

We are using the email factor but we also connect via a VPN so our IP address is in the private IP rangge (e.g., 10.x.x.x). This causes an exception when used with the MaxMind GeoIP2 Lite because the IP address is not found. No email is sent, as well. The error message I get is as follows:

image

Exception - The address 10.130.6.1 is not in the database.

More information about this error
Debug info:
Error code: generalexceptionmessage
Stack trace:

line 260 of /lib/maxmind/GeoIp2/Database/Reader.php: GeoIp2\Exception\AddressNotFoundException thrown
line 231 of /lib/maxmind/GeoIp2/Database/Reader.php: call to GeoIp2\Database\Reader->getRecord()
line 94 of /lib/maxmind/GeoIp2/Database/Reader.php: call to GeoIp2\Database\Reader->modelFor()
line 41 of /iplookup/lib.php: call to GeoIp2\Database\Reader->city()
line 43 of /admin/tool/mfa/factor/email/renderer.php: call to iplookup_find_location()
line 66 of /admin/tool/mfa/factor/email/classes/factor.php: call to factor_email_renderer->generate_email()
line 217 of /admin/tool/mfa/factor/email/classes/factor.php: call to factor_email\factor::email_verification_code()
line 52 of /admin/tool/mfa/factor/email/classes/factor.php: call to factor_email\factor->generate_and_email_code()
line 82 of /admin/tool/mfa/classes/local/form/login_form.php: call to factor_email\factor->login_form_definition_after_data()
line 1024 of /lib/formslib.php: call to tool_mfa\local\form\login_form->definition_after_data()
line 107 of /admin/tool/mfa/auth.php: call to moodleform->display()

Our version of Moodle is Moodle Workplace 4.2.2.

When we remove the MaxMind DB file, the email factor works due to the fallback to the 3rd-party geoIP web service, but we cannot use that for security reasons as that would leak users' IP addresses to the 3rd party.
@Peterburnett
Copy link
Contributor

Hi @basilgohar-asmresearch

This one has been fixed here https://github.com/catalyst/moodle-tool_mfa/blob/MOODLE_400_STABLE/factor/email/renderer.php#L69 in commit d7534ef

Please update the plugin and you should be good to go.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Peterburnett @basilgohar-asmresearch