Comments (3)
scheb
commented on September 27, 2024
Honestly, no idea 🤷. The setup looks to good to me.
Would be interesting where that AccessDeniedException is coming from and how the security looked like in that moment.
from 2fa.
yblatti
commented on September 27, 2024
Did you have a look at your Symfony profiler's Events panel ?
Do you have any Security related listeners that could interfere ?
Things that would listent to CheckPassportEvent::class, AuthenticationTokenCreatedEvent::class, LoginSuccessEvent::class, AuthenticationEvents::* and so on...
from 2fa.
adrolter
commented on September 27, 2024
Thank you for the replies! I hadn't had time to poke at this for a couple of weeks, but after taking another look it was indeed a problem with my legacy (PHP Bridge) sessions, as I had suspected.
I was calling \session_start() too late...often in the supports() of my custom authenticators, which was after Firewall\ContextListener->authenticate(). This was fine so long as my custom authenticators were the only ones in the mix, but obviously couldn't work with this bundle because it reads from TokenStorage before any of that happens.
To resolve it I made a kernel.request listener with higher priority than the firewall's, in which I can initialize my legacy sessions.
from 2fa.
Related Issues (20)
- Unable to decode the secret. Is it correctly base32 encoded? HOT 1
- After login it is not redirecting me to the 2fa route HOT 2
- Reduce the secret length to 16 characters HOT 1
- 2FA not detected/working on my project HOT 8
- Increase performance by using CacheableVoterInterface HOT 2
- GitHub Sponsors (PayPal not possible) HOT 2
- Cache-control headers are set to private when using 2FA bundle HOT 1
- Symfony 7.1 Support
- Unrecognized option "trusted_device" under "scheb_two_factor" HOT 2
- Failover 2FA HOT 1
- How to ask for 2FA (TOTP code) when already logged in HOT 2
- "User is in a two-factor authentication process" exception picked up by sentry HOT 4
- Modify 2fa in project to check all factors (username+password and 2fa code) before reporting an error HOT 3
- no authenticator raised when I enter the 2fa code, bug only with traeffik HOT 2
- Allow CSRF token to be retrieved via the X-XSRF-TOKEN header HOT 4
- Support locale with route HOT 4
- Always getting error "invalid_code" HOT 5
- No authcode when rendering the template form
- Help to understand the "User is not in a two-factor authentication process" error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from 2fa.