New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Errors with two-factor authentication #13826

Closed
ibennetch opened this Issue Nov 22, 2017 · 3 comments

Comments

Projects
None yet
2 participants
@ibennetch
Member

ibennetch commented Nov 22, 2017

When trying to configure two-factor authentication, I get some errors. To reproduce, I first ran composer require pragmarx/google2fa bacon/bacon-qr-code, then from the user settings page I toggled to "Authentication Application(2FA)" andwent to the "Configure two-factor authentication" button, and finally entered the code. 2FA was not successfully configured.


Warning: Unsupported declare 'strict_types' in  /var/www/pma-dev/fork/vendor/paragonie/constant_time_encoding/src/Base32.php  on line 2
--


1 | 0.0001 | 135964 | {main}(  ) | ../prefs_second.php:0
2 | 0.0313 | 1283576 | PhpMyAdmin\TwoFactor->configure(  ) | ../prefs_second.php:32
3 | 0.0315 | 1287200 | PhpMyAdmin\Plugins\TwoFactor\Application->configure(  ) | ../TwoFactor.php:218
4 | 0.0315 | 1287228 | PhpMyAdmin\Plugins\TwoFactor\Application->check(  ) | ../Application.php:115
5 | 0.0315 | 1287260 | PragmaRX\Google2FA\Google2FA->verifyKey(  ) | ../Application.php:73
6 | 0.0316 | 1288208 | PragmaRX\Google2FA\Google2FA->findValidOTP(  ) | ../Google2FA.php:359
7 | 0.0317 | 1288276 | PragmaRX\Google2FA\Google2FA->oathHotp(  ) | ../Google2FA.php:77
8 | 0.0317 | 1288324 | PragmaRX\Google2FA\Google2FA->base32Decode(  ) | ../Google2FA.php:217
9 | 0.0317 | 1288608 | spl_autoload_call (  ) | ../Google2FA.php:49
10 | 0.0317 | 1288648 | Composer\Autoload\ClassLoader->loadClass(  ) | ../Google2FA.php:0
11 | 0.0318 | 1288776 | Composer\Autoload\includeFile(  ) | ../ClassLoader.php:301


Fatal error: Default value for parameters with a class type hint can  only be NULL in  /var/www/pma-dev/fork/vendor/paragonie/constant_time_encoding/src/Base32.php  on line 42
--


1 | 0.0001 | 135964 | {main}(  ) | ../prefs_second.php:0
2 | 0.0313 | 1283576 | PhpMyAdmin\TwoFactor->configure(  ) | ../prefs_second.php:32
3 | 0.0315 | 1287200 | PhpMyAdmin\Plugins\TwoFactor\Application->configure(  ) | ../TwoFactor.php:218
4 | 0.0315 | 1287228 | PhpMyAdmin\Plugins\TwoFactor\Application->check(  ) | ../Application.php:115
5 | 0.0315 | 1287260 | PragmaRX\Google2FA\Google2FA->verifyKey(  ) | ../Application.php:73
6 | 0.0316 | 1288208 | PragmaRX\Google2FA\Google2FA->findValidOTP(  ) | ../Google2FA.php:359
7 | 0.0317 | 1288276 | PragmaRX\Google2FA\Google2FA->oathHotp(  ) | ../Google2FA.php:77
8 | 0.0317 | 1288324 | PragmaRX\Google2FA\Google2FA->base32Decode(  ) | ../Google2FA.php:217
9 | 0.0317 | 1288608 | spl_autoload_call (  ) | ../Google2FA.php:49
10 | 0.0317 | 1288648 | Composer\Autoload\ClassLoader->loadClass(  ) | ../Google2FA.php:0



@nijel nijel added enhancement bug and removed enhancement labels Nov 23, 2017

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 23, 2017

Member

I guess you're using PHP 5? Can you please provide composer info to see what packages got installed?

For me on php 5 I get correctly get paragonie/constant_time_encoding v1.0.1 , which doesn't suffer to this.

Member

nijel commented Nov 23, 2017

I guess you're using PHP 5? Can you please provide composer info to see what packages got installed?

For me on php 5 I get correctly get paragonie/constant_time_encoding v1.0.1 , which doesn't suffer to this.

@ibennetch

This comment has been minimized.

Show comment
Hide comment
@ibennetch

ibennetch Nov 23, 2017

Member

I think you've identified the problem, then — my CLI PHP version is 7.0.19-1, but the Apache module is 5.6.30-0+deb8u1. It seems to me that Composer must have installed packages based on the CLI version number, which of course causes trouble when run with the older PHP used with Apache.

I got paragonie/constant_time_encoding v2.2.0.

For historical reasons, I like to have my CLI as version 7 but the module as PHP5.

I forced Composer to run as PHP 5 and it downgraded two packages:

# /usr/bin/php5 /usr/local/bin/composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
  - Removing phpdocumentor/reflection-docblock (4.1.1)
  - Installing phpdocumentor/reflection-docblock (3.3.2)
    Downloading: 100%

  - Removing paragonie/constant_time_encoding (v2.2.0)
  - Installing paragonie/constant_time_encoding (v1.0.1)
    Downloading: 100%

After doing so, I no longer get the error.

It seems to me that this version difference is, if anything, a Composer problem rather than phpMyAdmin itself and something that we probably can't detect. As you mentioned in the other thread, this can lead to problems when distributing, so we'll have to figure out some way to deal with this going forward before the release of 4.8.

Member

ibennetch commented Nov 23, 2017

I think you've identified the problem, then — my CLI PHP version is 7.0.19-1, but the Apache module is 5.6.30-0+deb8u1. It seems to me that Composer must have installed packages based on the CLI version number, which of course causes trouble when run with the older PHP used with Apache.

I got paragonie/constant_time_encoding v2.2.0.

For historical reasons, I like to have my CLI as version 7 but the module as PHP5.

I forced Composer to run as PHP 5 and it downgraded two packages:

# /usr/bin/php5 /usr/local/bin/composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
  - Removing phpdocumentor/reflection-docblock (4.1.1)
  - Installing phpdocumentor/reflection-docblock (3.3.2)
    Downloading: 100%

  - Removing paragonie/constant_time_encoding (v2.2.0)
  - Installing paragonie/constant_time_encoding (v1.0.1)
    Downloading: 100%

After doing so, I no longer get the error.

It seems to me that this version difference is, if anything, a Composer problem rather than phpMyAdmin itself and something that we probably can't detect. As you mentioned in the other thread, this can lead to problems when distributing, so we'll have to figure out some way to deal with this going forward before the release of 4.8.

@nijel nijel self-assigned this Nov 24, 2017

@nijel nijel added question and removed bug labels Nov 24, 2017

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 24, 2017

Member

Okay, let's deal with the release issues in #13831, I don't think there is much to solve here - I think this is desired composer behavior and mixing PHP versions like this is a bit unusual...

Member

nijel commented Nov 24, 2017

Okay, let's deal with the release issues in #13831, I don't think there is much to solve here - I think this is desired composer behavior and mixing PHP versions like this is a bit unusual...

@nijel nijel closed this Nov 24, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment