2-Factor Authentication not Working After Upgrade to 4.9.3 #15724
Comments
|
Thank you for the report @stresbiz |
|
PHP 7.3.11 (cli) |
|
@stresbiz how did you install phpMyAdmin ? |
|
We typically replace all phpMyAdmin files directly through FTP, and then copy our config.inc.php settings. |
|
Okay, thank you |
|
Thank William! |
|
@stresbiz Can you try to install 5.0.0 version ? |
|
I was just going to say - we tried with the latest 5.0.0 too - same issue. And we've tried both versions (4.9.3 and 5.0.0) on multiple servers. |
|
@stresbiz Interesting, thank you Can you send |
php -m
|
|
Please let me know if you can reproduce the issue and what it is. Thanks! |
|
Hello ... I noticed when upgrading, first to 5.0.0, then downgrading to 4.9.3, that no custom settings were being read in, and the main settings screen says "You have no saved settings!", even though we do have saved settings. So, neither two-factor auth, or other custom settings are being read in. I only have a few custom saved settings, so I can't vouch for all custom settings, but the few that I have are not being read in. This is occurring in both 4.9.3 and 5.0.0. Hope this is helpful. |
|
A bit more information, it seems that two-factor auth is actually removed from the configuration, because once I downgraded back to 4.9.2, it was no longer there. And, FYI, I sftp the tar.gz file to the server, copy over the config file from a previous version, and just update a symlink. So I can easily move between versions. |
|
Thank you for your input seattledeveloper! Hopefully they can fix the issue ASAP. |
|
I see the same issue on 5.0.0. |
|
I confirm the same issue. 2fa worked on 4.9.2 but not on 4.9.3 and 5.0.0. |
|
git bisect said it was introduced by 542ba30 |
|
Hi everyone I found a fix diff --git a/libraries/classes/TwoFactor.php b/libraries/classes/TwoFactor.php
index 9ac4ee20b5..efdf89b4ce 100644
--- a/libraries/classes/TwoFactor.php
+++ b/libraries/classes/TwoFactor.php
@@ -51,6 +51,10 @@ class TwoFactor
*/
public function __construct($user)
{
+ /** @var DatabaseInterface $dbi */
+ global $dbi;
+ $dbi->postConnectControl();
+
$this->userPreferences = new UserPreferences();
$this->user = $user;
$this->_available = $this->getAvailable();Can you test it ? |
Signed-off-by: William Desportes <williamdes@wdes.fr>
|
I edited the TwoFactor.php file on the server in the 5.0.0 tree, adding the 3 new lines of code. 2FA is now working again, as verified by 2 different users, and logging in more than once (just to ensure that the configuration didn't go away between the first and second logins). And, IMHO, it seems that this fix should be added to the 4.9.x tree as well, since this broke a feature that really is security related. Thanks for taking care of this so quickly! |
Signed-off-by: William Desportes <williamdes@wdes.fr>
|
Will be part of 4.9.4+ and 5.0.1+ |
Signed-off-by: William Desportes <williamdes@wdes.fr> Signed-off-by: Tabraiz Malik <tabraizmalik96@gmail.com>
After upgrading phpmyadmin to version 4.9.3, we are no longer prompted for Google's 2-factor authentication, after logging in. We've disabled, and re-enabled the 2FA multiple times. Cleared cache and tried a number of things, but we can't seem to get back the 2FA prompt. We haven't had this issue before, when upgrading to other versions.
The text was updated successfully, but these errors were encountered: