Giter VIP home page Giter VIP logo

Comments (7)

scheb avatar scheb commented on August 17, 2024

Looks as if there's a request against /2fa_check when the user hasn't even completed the initial login yet.

Would you please post your security.yaml configuration?

from 2fa.

PhilETaylor avatar PhilETaylor commented on August 17, 2024

Correct, I just did a POST using command line to /2fa_check and replicated the error in dev.

I can't post the whole yaml but here are relevant parts...

main:
      pattern: /
      host: "%manage_subdomain%.mysites.guru"
      remember_me:
        secret:   '%kernel.secret%'
        lifetime: 2592000 # 1 month in seconds
        path:     /
        httponly: true
        samesite: 'strict'
        name: _rememberme
      two_factor:
        auth_form_path: 2fa_login
        check_path: 2fa_login_check
      custom_authenticators:
        - Base\Security\Authenticator
      lazy: true
      provider: users
      switch_user:  { parameter: _switch_user }
      logout:
        path: app_logout

- { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }

from 2fa.

scheb avatar scheb commented on August 17, 2024

Just thought IS_AUTHENTICATED_2FA_IN_PROGRESS should actually prevent that from happening, but then I remembered the authenticator is actually executed before access control. So it's running into this

2fa/src/bundle/Security/Http/Authenticator/TwoFactorAuthenticator.php

Lines 102 to 105 in cc7028a

if (!($currentToken instanceof TwoFactorTokenInterface)) {
// This should only happen when the check path is called outside of a 2fa process and not protected via access_control
throw new AuthenticationServiceException('Tried to perform two-factor authentication, but two-factor authentication is not in progress.');
}

and then further down a token is expected when it's actually null.

I'll add a null check for that case.

from 2fa.

PhilETaylor avatar PhilETaylor commented on August 17, 2024

Sorry :) pleased it was a quick easy painless issue :)

from 2fa.

scheb avatar scheb commented on August 17, 2024

Released v5.4.2 with a fix

from 2fa.

PhilETaylor avatar PhilETaylor commented on August 17, 2024

Awesome - let me jump and test that for you....

from 2fa.

PhilETaylor avatar PhilETaylor commented on August 17, 2024

Perfect! Thanks for the quick fix. Works perfectly for me.

from 2fa.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.