Google 2 Factor Auth - Cog not disappearing and no message displayed (login and admin) #1819

Closed
andyshilton opened this issue Jul 19, 2017 · 8 comments

andyshilton commented Jul 19, 2017

Steps to reproduce

  1. Enable Google 2Fauth (Note, our TeamPass is running on SSL)
  2. As an admin, click on the barcode next to a user on the Manage users page. The cog spins, the email is sent, but the cog never stops and no message is displayed
  3. As a logged out user, attempt to log in, clicking the link to send you a code via email. The cog spins and never disappears (again, the email is sent, but the cog remains and displays over the QR code).

Expected behaviour

Tell us what should happen
For both the admin user and the end user I would expect the cog to disappear and a message saying "sent" to appear.

Actual behaviour

Tell us what happens instead
The cog stays on the screen spinning until you refresh the page.

Server configuration

Operating system:
ubuntu 16
Web server:
LAMP (apache)
Database:
MySQL
PHP version:
7.1
Teampass version:
2.1.27.7
Updated from an older Teampass or fresh install:
Updated from 2.1.27

Client configuration

Browser:
Firefox and Google Chrome

Operating system:
Ubuntu

Logs

Web server error log

Insert your webserver log here

Firebug log (How to?)

Insert the Firebug log here

Admin page, no errors. Two POST requests to sources/main.queries.php
REQUEST 1 - type=ga_generate_qr&id=10000000&send_email=1&be938143f01b5b0af0d9a905fd3041406309c0f134cc6b2819=73456748583c4c4bbc419e7f6ac58c1c4f27887f3f534446a0

RESPONSE 1 - [{"error" : "not_allowed"}][{ "error" : "0" , "email" : "##redacted##" , "msg" : "Email sent to ###REDACTED## ... check your inbox."}]

REQUEST 2 - type=is_existings_suggestions&key=Ohcaethibikeezoh6eeghe8xee0aes2aita9uZaeph0ahfot8a&be938143f01b5b0af0d9a905fd3041406309c0f134cc6b2819=73456748583c4c4bbc419e7f6ac58c1c4f27887f3f534446a0

RESPONSE 2 - [ { "error" : "" , "count" : "0" , "show_sug_in_menu" : "0"} ]

User attempting to request a QR code in the log in page - Firebug breaks in the csrfprotector.js file at line 272
return this.old_send(data); // Failed to load resource: the server responded with a status of 500()
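
RESPONSE 1 in the report above contains two JSON arrays back to back. The following is an added example, not code from this thread or from TeamPass, showing that a strict parser rejects such a body and what each embedded document reports; the function names and the placeholder addresses in the sample body are assumptions.

```javascript
// Constructed sample modelled on RESPONSE 1 (addresses are placeholders).
const SAMPLE_BODY =
  '[{"error" : "not_allowed"}][{ "error" : "0" , "email" : "user@example.test" , ' +
  '"msg" : "Email sent to user@example.test ... check your inbox."}]';

// Split a body into its top-level JSON arrays/objects by tracking bracket
// depth, skipping over string literals and their escape sequences.
function splitTopLevelJson(body) {
  const docs = [];
  let depth = 0, start = -1, inString = false, escaped = false;
  for (let i = 0; i < body.length; i++) {
    const ch = body[i];
    if (inString) {
      if (escaped) escaped = false;
      else if (ch === '\\') escaped = true;
      else if (ch === '"') inString = false;
      continue;
    }
    if (ch === '"') { inString = true; continue; }
    if (ch === '[' || ch === '{') {
      if (depth === 0) start = i;
      depth++;
    } else if ((ch === ']' || ch === '}') && depth > 0) {
      depth--;
      if (depth === 0) {
        // One complete top-level document ends here.
        docs.push(JSON.parse(body.slice(start, i + 1)));
        start = -1;
      }
    }
  }
  return docs;
}

// Report whether a strict parse succeeds and the "error" field of each
// embedded document (first element when the document is an array).
function inspectResponse(body) {
  let strictOk = true;
  try { JSON.parse(body); } catch (e) { strictOk = false; }
  const docs = splitTopLevelJson(body);
  const errors = docs.map((d) => (Array.isArray(d) ? d[0] : d).error);
  return { strictOk, documentCount: docs.length, errors };
}

console.log(inspectResponse(SAMPLE_BODY));
```

RESPONSE 2 from the same report is a single array, so the same check reports a successful strict parse and one document for it.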

@nilsteampassnet
Owner

nilsteampassnet commented Jul 21, 2017

I will investigate

Thank you for reporting

@nilsteampassnet
Owner

nilsteampassnet commented Jul 22, 2017

I confirm the issue regarding the user asking to receive his QR code by email, but could not reproduce from the Admin side.
On my test environment, as an admin I could send the QR code by email.

As I see an error regarding csrfprotector, can you please do the following:

  • open file /includes/libraries/csrfp/libs/csrfp.config.php
  • in array verifyGetFor, add value "*type=ga_generate_qr*",

nilsteampassnet added a commit that referenced this issue Jul 22, 2017
Fix for #1819
@andyshilton
Author

Hi,

In both cases on our system, the email is sent. However, the spinning cog appears and nothing else happens on the screen. This leaves the cog displayed and spinning indefinitely. For an admin, it means you have to refresh the screen to stop the spinning cog displaying and for a normal user the cog stays on the screen too and is right over the top of the QR code.

I've added the update to our csrfp.config.php file. Thank you for that. I will test it and post the results :)

@nilsteampassnet
Owner

This is fixed and committed in the Development branch

@andyshilton
Author

Thank you for fixing it and thanks for such a great product.

@Steltek

Steltek commented Nov 14, 2017

This bug is back in 2.1.27.10.

@nilsteampassnet
Owner

After testing again, I could not reproduce.
@Steltek can you please provide the errors?

@Steltek

Steltek commented Nov 14, 2017

I upgraded from 2.1.27.7 (and 2.1.27.1 before that), so maybe I didn't do that right? (I had to manually apply the fix mentioned above to the includes/libraries/csrfp/libs/csrfp.config.php file.)
