New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Two factor: doesn't ask for second factor #13828

Closed
nijel opened this Issue Nov 23, 2017 · 12 comments

Comments

Projects
None yet
2 participants
@nijel
Member

nijel commented Nov 23, 2017

Reported by @pwallner at #13787 (comment):

If I activate Google auth, everything goes well during configuration, but when I logout and login, no Code request appears and I can login without google auth?!

@nijel nijel added the bug label Nov 23, 2017

@nijel nijel added this to the 4.8.0 milestone Nov 23, 2017

@nijel nijel self-assigned this Nov 23, 2017

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 23, 2017

Member

@pwallner do you have configuration storage enabled? Can you please check what is stored in the pma__userconfig table for your user?

Member

nijel commented Nov 23, 2017

@pwallner do you have configuration storage enabled? Can you please check what is stored in the pma__userconfig table for your user?

@nijel nijel referenced this issue Nov 23, 2017

Merged

Second authentication factor #13787

4 of 4 tasks complete

nijel added a commit that referenced this issue Nov 24, 2017

Unset all session entries on creating new session
Issue #13828

Signed-off-by: Michal Čihař <michal@cihar.com>
@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 24, 2017

Member

@pwallner it would be great if you can try to reproduce this on current master, I've done some fixes in related code.

Member

nijel commented Nov 24, 2017

@pwallner it would be great if you can try to reproduce this on current master, I've done some fixes in related code.

@pwallner

This comment has been minimized.

Show comment
Hide comment
@pwallner

pwallner Nov 25, 2017

in pma__userconfig I can see {"collation_connection":"utf8mb4_unicode_ci","2fa"... {"collation_connection":"utf8mb4_unicode_ci","2fa"...
but after logout and login, it doesn't ask for 2fa. I can login only with user and pass.

pwallner commented Nov 25, 2017

in pma__userconfig I can see {"collation_connection":"utf8mb4_unicode_ci","2fa"... {"collation_connection":"utf8mb4_unicode_ci","2fa"...
but after logout and login, it doesn't ask for 2fa. I can login only with user and pass.

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 27, 2017

Member

There must be something broken in your session data. Can you please check what phpMyAdmin cookies do you have set? Are you using only https to access phpMyAdmin or mixing http and https?

Member

nijel commented Nov 27, 2017

There must be something broken in your session data. Can you please check what phpMyAdmin cookies do you have set? Are you using only https to access phpMyAdmin or mixing http and https?

@pwallner

This comment has been minimized.

Show comment
Hide comment
@pwallner

pwallner Nov 27, 2017

pwallner commented Nov 27, 2017

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 27, 2017

Member

Well that could be result of some mess, but I can't reproduce it behave this way - for me if I've used https and still have secure session cookie for that, the http login fails. The other way it works fine for me.

Did you use standard cookie based authentication?

Member

nijel commented Nov 27, 2017

Well that could be result of some mess, but I can't reproduce it behave this way - for me if I've used https and still have secure session cookie for that, the http login fails. The other way it works fine for me.

Did you use standard cookie based authentication?

@pwallner

This comment has been minimized.

Show comment
Hide comment
@pwallner

pwallner Nov 27, 2017

pwallner commented Nov 27, 2017

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 27, 2017

Member

Honestly I'd love to reproduce this as it clearly shows some error in the logic. Deleting cookies will most likely help you. Can you please list "phpMyAdmin" named cookies you have for the domain?

Member

nijel commented Nov 27, 2017

Honestly I'd love to reproduce this as it clearly shows some error in the logic. Deleting cookies will most likely help you. Can you please list "phpMyAdmin" named cookies you have for the domain?

@pwallner

This comment has been minimized.

Show comment
Hide comment
@pwallner

pwallner Nov 28, 2017

pwallner commented Nov 28, 2017

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 28, 2017

Member

No problem, thanks for testing this :-)

Member

nijel commented Nov 28, 2017

No problem, thanks for testing this :-)

@pwallner

This comment has been minimized.

Show comment
Hide comment
@pwallner

pwallner Jan 5, 2018

Back from vacation. Did a git pull and composer update and now my google auth is working.

pwallner commented Jan 5, 2018

Back from vacation. Did a git pull and composer update and now my google auth is working.

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Jan 6, 2018

Member

Thanks for testing this!

Member

nijel commented Jan 6, 2018

Thanks for testing this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment