Unrecognized option "two_factor" under "security.firewalls.main"

[shoaibhassan]

I am getting this error when trying to use this library in symfony 3.4 and the library version is 2.14

here is the code
//security.yml

security:

providers:
    in_memory:
        memory: ~

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    main:
        anonymous: ~
        # activate different ways to authenticate

        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        #http_basic: ~

        # https://symfony.com/doc/current/security/form_login_setup.html
        #form_login: ~
        two_factor:
            auth_form_path: 2fa_login    # The route name you have used in the routes.yaml
            check_path: 2fa_login_check  # The route name you have used in the routes.yaml

            
access_control:
    - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }

and i just add the this code in AppKernel.php
// AppKernal.php
new Scheb\TwoFactorBundle\SchebTwoFactorBundle(),

[scheb]

The security extension should be loaded automatically, when the bundle is loaded. Please check:

• Is the bundle is actually loaded? Check via bin/console debug:config
• Can the security config being read? Check via bin/console debug:config SecurityBundle
• Clear the cache by removing your cache folder and try again

[shoaibhassan]

1. bin/console debug:config is showing this output before adding the two_factor in security.yml

Bundle name                  Extension alias         
---------------------------- ------------------------ 
 AppBundle                                            
 DebugBundle                  debug                   
 DoctrineBundle               doctrine                
 FrameworkBundle              framework               
 MonologBundle                monolog                 
 SchebTwoFactorBundle         scheb_two_factor        
 SecurityBundle               security                
 SensioDistributionBundle     sensio_distribution     
 SensioFrameworkExtraBundle   sensio_framework_extra  
 SensioGeneratorBundle                                
 SwiftmailerBundle            swiftmailer             
 TwigBundle                   twig                    
 WebProfilerBundle            web_profiler            
 WebServerBundle              web_server              
---------------------------- ------------------------ 

2. bin/console debug:config SecurityBundle is showing this output before adding the two_factor in security.yml

//security.yml

   security:
   providers:
       in_memory:
           memory:
               users: {  }
   firewalls:
       dev:
           pattern: ^/(_(profiler|wdt)|css|images|js)/
           security: false
           methods: {  }
           user_checker: security.user_checker
           stateless: false
           logout_on_user_change: false
       main:
           anonymous:
               secret: null
           methods: {  }
           security: true
           user_checker: security.user_checker
           stateless: false
           logout_on_user_change: false
   access_control:
       -
           path: ^/2fa
           roles:
               - IS_AUTHENTICATED_2FA_IN_PROGRESS
           requires_channel: null
           host: null
           ips: {  }
           methods: {  }
           allow_if: null
   access_decision_manager:
       strategy: affirmative
       allow_if_all_abstain: false
       allow_if_equal_granted_denied: true
   access_denied_url: null
   session_fixation_strategy: migrate
   hide_user_not_found: true
   always_authenticate_before_granting: false
   erase_credentials: true
   encoders: {  }
   role_hierarchy: {  }

3. Also cache clear by command bin/console cache:clear

// After Adding two_factor code in security.yml i got this error while executing any command in terminal

In ArrayNode.php line 307:                                                      
  Unrecognized option "two_factor" under "security.firewalls.main"

This is happening again.I want to add two_factor in security.yml so i can use
default_target_path: / Where to redirect by default after successful authentication
OR
you can suggest me another way to redirect to path after two factor authentication.
bcoz right now when i do two factor authentication it redirect me to same login page.

[scheb]

Then I really don't know why it doesn't accept the key in the firewall configuration. This line is being executed, right?

[shoaibhassan]

Is there any other way to redirect by default after successful authentication?

[scheb]

I've just recognized the obvious problem. You're still using bundle version 2.x and reading documentation from 3.x. This obviously doesn't work very well together.

I'd highly recommend to upgrade your two-factor-bundle to 3.x. You're running on Symfony 3.4, so that will work. Have a look at the upgrade instructions, it's quite some work since the bundle has been completely rewritten, but it's worth it.

[shoaibhassan]

How to upgrade to 3.x ,i have check the link upgrade instruction ,
but can you elaborate bit more what exactly should i do?

[scheb]

You upgrade the bundle to version 3.x (use latest minor release) and then follow the upgrade instructions to get your integration with the bundle updated. That potentially means updating configuration, renaming methods, updating method signatures, replacing interfaces with their new counterparts. Depends on how many customization features of the bundle you're using.

If you're not using that many customization features, it's probably easier to just reinstall the bundle.

[shoaibhassan]

I have upgrade the version and update many code as per instruction.
but this one is difficult to resolve

Compile Error: Declaration of AppBundle\Entity\User::isEmailAuthEnabled() m ust be compatible with Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface ::isEmailAuthEnabled(): bool

It is giving error for all of the below method in my user.php entity
`// ....Two-factor Authentication.............

/**
 * @ORM\Column(type="integer", nullable=true)
 */
private $authCode;

public function isEmailAuthEnabled()
{
    return true;
}

public function getEmailAuthCode()
{
    return $this->authCode;
}

public function setEmailAuthCode($authCode)
{
    $this->authCode = $authCode;
}

/**
 * Return user email address.
 *
 * @return string
 */
public function getEmailAuthRecipient()
{
    return $this->email;
}`

It is asking for compatible,,can you help.

[scheb]

As I said, you need to update the method signatures of your integration. In this case, the method AppBundle\Entity\User::isEmailAuthEnabled() must have the same signature as defined in Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface::isEmailAuthEnabled(). Bundle version 3 is making use of PHP7 type hints on all methods.

[shoaibhassan]

can you please update this code according to signature.

`// ....Two-factor Authentication.............

/**
 * @ORM\Column(type="integer", nullable=true)
 */
private $authCode;

public function isEmailAuthEnabled()
{
    return true;
}

public function getEmailAuthCode()
{
    return $this->authCode;
}

public function setEmailAuthCode($authCode)
{
    $this->authCode = $authCode;
}

/**
 * Return user email address.
 *
 * @return string
 */
public function getEmailAuthRecipient()
{
    return $this->email;
}`

[scheb]

You copy the method signatures from the interface that you've implemented, which is https://github.com/scheb/two-factor-bundle/blob/master/Model/Email/TwoFactorInterface.php

public function isEmailAuthEnabled() becomes public function isEmailAuthEnabled(): bool and so on...

[shoaibhassan]

Thank you very much .
Now it is working fine and i have just one problem here .
When i fill 2nd form for two factor authentication it redirect back to same two_factor form page .

[scheb]

Are you using the standard template for the authentication form? Or did you customize it?

[shoaibhassan]

i was using old template sorry,my fault,now i have check the standard template and i have one more question when user redirect to this path action="{{ path("2fa_login_check") }}" after submit two_factor form it give error that /2fa_login_check controller does not exist ,

what should i do ,?
should i have to make controller then what should i write there for verify the 4 digit code that i have received.?

[scheb]

You need to register a route named "2fa_login_check", as seen here: https://github.com/scheb/two-factor-bundle/blob/master/Resources/doc/installation.md#step-3-define-routes

[shoaibhassan]

Now getting this error after submit the two_factor form
Unable to find the controller for path "/2fa_check". The route is wrongly configured.

[shoaibhassan]

Unable to find the controller for path "/2fa_check". The route is wrongly configured.

I have checked that there is no controller for this in latest version,what you think about this.?

[scheb]

It doesn't need a controller, the route is automatically managed by TwoFactorListener. The error message tells me that the listener isn't triggered, so there must be something wrongly configured.

1. Ensure you have the routes configured in the firewall config, as described here.
2. Ensure that you have a TwoFactorToken when the two-factor authentication form is shown. You can see that in the debug toolbar.
3. Ensure that you still have the TwoFactorToken when doing the failing POST request.

If all of this looks fine, debug into the code.

When you POST against that route, check if you enter this method:
https://github.com/scheb/two-factor-bundle/blob/dc3a85e/Security/Http/Firewall/TwoFactorListener.php#L153

If so, check if you reach this statement? And does it evaluate to true? https://github.com/scheb/two-factor-bundle/blob/dc3a85e/Security/Http/Firewall/TwoFactorListener.php#L161

[shoaibhassan]

it reach to
vendor/scheb/two-factor-bundle/Security/Http/Firewall/TwoFactorListener.php line 31

[scheb]

So it never enters this line here? https://github.com/scheb/two-factor-bundle/blob/dc3a85e/Security/Http/Firewall/TwoFactorListener.php#L153

[shoaibhassan]

yes
here is the error when i am on the error page using debugger tool
http://127.0.0.1:8000/2fa_check Method POST HTTP Status 404 IP 127.0.0.1 Profiled on Wed, 06 Mar 2019 02:16:27 +0500 Token 3e0d81

[shoaibhassan]

here is the warning that i am getting
Unable to look for the controller as the "_controller" parameter is missing.

[shoaibhassan]

I was commented some code when install latest version of your library when i see this code ,now i uncomment that code and the error is showing.
Attempted to load class "Sha256" from namespace "Lcobucci\JWT\Signer\Hmac". Did you forget a "use" statement for another namespace?

[scheb]

Di you figure it out? The "Attempted to load class" must be related to you commenting out code. This should not happen if the JWT package was properly installed through Composer.

[connecttosunil]

Hi @scheb I did the configurations for the budle with my symfony 2.8.49 and its not getting the 2-fa screen after login.

     "scheb/two-factor-bundle": "^2.14",

I am using above version. what could be the issue?

Thanks

[scheb]

@connecttosunil scheb/two-factor-bundle version 2 is no longer supported, Also, it has some known security issues. So please upgrade to version 4 or 5.

[connecttosunil]

@scheb but my Symnfony version is 2.8.49 So which version of ( two-factor-bundle) should I use can you guide please?

Also I am following the document this one for Symfony 2.x

https://github.com/scheb/two-factor-bundle/blob/2.x/Resources/doc/installation.md

And for this I did all steps and in my User entity added the fields also as described in doc, but even the 2-fa screen is not appearing once user logged in. Can you please guide me I am in trouble using the bundle.

[scheb]

@connecttosunil I'd recommend you upgrade your Symfony version first, because Symfony 2.8 is no longer supported since November 2019. The minimum supported version of scheb/two-factor-bundle version 4 is Symfony 3.4.

[connecttosunil]

OK I see @scheb but my application is already built with this version, can not upgrade this time. Can you recommend some other solution if you see for this case please?

Thanks for your assistance.

[scheb]

@connecttosunil Of course you can upgrade. Upgrade guides from 2.x to 3.4 can be found in the Symfony repository: https://github.com/symfony/symfony/tree/3.4 => See: UPGRADE-3.0.md ... UPGRADE-3.4.md

I'm afraid, I cannot help you with the problem, when you're using such an old version of the bundle.