Not prompted for Google Authenticator code on login #306
Comments
Since you obviously reached step "3) On login, do you reach the end (return statement) of method Scheb\TwoFactorBundle\Security\Authentication\Provider\AuthenticationProviderDecorator::authenticate()" from the troubleshooting guide: What is the class of (see two-factor-bundle/Security/Authentication/Provider/AuthenticationProviderDecorator.php, lines 94 to 96 in d85ddf7)?
That class must be listed in
Hey Scheb, thanks for your reply! I've added my token to However, I'm still not being prompted for the Google Authenticator code. Do you have any idea as to what could be the problem now?
What's the security token that you see in your session after login? Is it a And could you please post your
It is a TwoFactorToken.
That firewall pattern looks interesting. Could it be that the path you end up on after login doesn't match the firewall pattern?
The path I end up on after login is the dashboard route, which does match the route specified in the firewall for form_login. I updated the LoginFormAuthenticator to explicitly redirect the user to the 2fa_login_check route (even though this should depend on whether the user has 2fa enabled) and that seems to have helped, but now I'm getting an error saying that Symfony can't find the controller for the path /2fa_check. Am I missing some config options for this route? I copied this from the installation instructions:
The check path is only accessible via POST; it is there to validate the 2fa code. You want to force the redirect to the The bundle automatically redirects to the 2fa form whenever you try to access a path that is somehow "secured". Paths that are not within the firewall (don't match the
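For reference, the following is an added example (not configuration from this thread, and not code from the bundle's own repository) of the pieces the exchange above keeps referring to: the firewall's `two_factor` section with `auth_form_path` and `check_path` given as route names, the `access_control` rules that keep the 2fa form reachable only while two-factor authentication is in progress, the two routes behind those names (the check route deliberately has no controller, because the bundle's firewall listener consumes the POST), and the `scheb_two_factor.security_tokens` list, which must contain the token class your first-factor authenticator produces (a Guard authenticator produces `PostAuthenticationGuardToken`). File paths follow the Symfony Flex layout; on Symfony 3.4 as used in this issue the same keys live in the files under `app/config`. The firewall name `main`, the `App\Security\LoginFormAuthenticator` class name, the `/2fa` route prefix and the `server_name`/`issuer` values are assumptions or placeholders.

```yaml
# config/packages/security.yaml   (Symfony 3.4: app/config/security.yml)
security:
    firewalls:
        main:                                   # firewall name is an assumption
            pattern: ^/
            anonymous: true
            guard:
                authenticators:
                    - App\Security\LoginFormAuthenticator   # assumed class name
            two_factor:
                auth_form_path: 2fa_login       # a route NAME, not a URL
                check_path: 2fa_login_check     # a route NAME; only accepts POST
            logout:
                path: /logout

    # First matching rule wins, so the specific paths come before ^/.
    access_control:
        # Logout stays reachable so a user can abort an in-progress 2fa step.
        - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login,  role: IS_AUTHENTICATED_ANONYMOUSLY }
        # The 2fa form and check path are only reachable while 2fa is in progress.
        - { path: ^/2fa,    role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
        # Everything else needs a fully authenticated user, so a session that still
        # holds a TwoFactorToken is redirected to the 2fa form by the bundle.
        - { path: ^/,       role: ROLE_USER }

---
# config/routes.yaml   (Symfony 3.4: app/config/routing.yml)
2fa_login:
    path: /2fa
    defaults:
        # Symfony <= 4.0 uses the single-colon service notation:
        #   _controller: "scheb_two_factor.form_controller:form"
        _controller: "scheb_two_factor.form_controller::form"

2fa_login_check:
    path: /2fa_check   # no controller on purpose: the bundle's listener handles the POST

---
# config/packages/scheb_two_factor.yaml   (Symfony 3.4: app/config/config.yml)
scheb_two_factor:
    # Token classes that count as a completed first factor. A Guard authenticator
    # produces PostAuthenticationGuardToken, so it has to be in this list or the
    # bundle never starts the second-factor step.
    security_tokens:
        - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
        - Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken
    trusted_device:
        enabled: false              # matches the "trusted devices disabled" setup in this issue
    google:
        enabled: true
        server_name: example.com    # placeholder
        issuer: "Example App"       # placeholder
```

Two things to check against your own configuration: `two_factor` is a per-firewall option, so it has to sit inside the same firewall whose authenticator logs the user in, and the `^/2fa` rule must appear before any broader rule such as `^/`, otherwise the 2fa form itself requires `ROLE_USER` and the redirect loops back to login.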
Alright, so I'm now displaying the 2fa_login form, but when I try to submit the code it's calling my default login authenticator and failing because it's set up to use username and password and not the auth_code for authentication. Is this normal? I would've expected the form to submit to a different authenticator to verify the validity of the auth_code.
No, that's not normal. I have no idea why your normal authenticator triggers. The requirements for that authenticator shouldn't be fulfilled. Are you really posting the 2fa code against
I am, this is my request header:
POST data:
Response Header:
The redirect of course happens due to my default login authenticator getting called.
No, the You should check where that redirect is coming from. What is causing the application to redirect back to the login form? I suspect this is caused by your weird firewall
Yeah, that was a mistake. I've removed them from the firewall but the issue still persists. The redirect is coming from LoginFormAuthenticator because of course it tries to authenticate the user with the username and password, but they're not available because it's getting the POST data from the 2fa form, so it only gets auth_code. It then redirects the user to the login page and displays an error message. The question is, why is LoginFormAuthenticator being called in the first place? Do I have to specify another authenticator on the firewall?
I can't tell you that. To my understanding, an authenticator is only called when its
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Bundle version: 4.18.4
Symfony version: 3.4.35
PHP version: 7.2.24
Description
I'm trying to set up two-factor authentication with Google Authenticator on a web app I'm working on.
I've set up the User entity with the TwoFactorInterface and I have successfully generated the QR code and saved the secret to the database. However, when I try logging in, I'm never prompted for the Google Authenticator code. I've gone through the troubleshooting steps and I'm having trouble in step 4: getActiveTwoFactorProviders() is never called.
I've checked my bundle's configuration and I don't have anything whitelisted and have disabled trusted devices:
Additional Context
I've also had a look at my login authenticator and can't see anything that would suggest that the roles are loaded by replacing the security token after login, although I haven't actually found where the role is loaded. As far as I can tell it's a pretty standard implementation of AbstractFormLoginAuthenticator (I didn't write this project, I'm just adding 2fa to it).