WordPress.org

Ready to get started?Download WordPress

Forums

Two Factor Auth
[resolved] Some understanding problems (28 posts)

  1. Honkytonky
    Member
    Posted 1 year ago #

    First of all: thank you for the plugin. I still have some harsh time understanding and wanted to ask for some short advice. I do not want to use third party apps. I just want some school staff users to log in by Username, password and an additional one time pass send to their email accounts when they log in. I am still unsure if this plugin can really do it. I installed it and to a certain extent it worked, it added a third login field for the auth code. Nevertheless I saw no button to generate the email and I had not been sent anything to my email stored in the database. Nevertheless I run a local install right now and would like to implement exactely such a feature. Could you help me understand if and how exactely set up your plugin?!
    Greetz from Chile!

    http://wordpress.org/extend/plugins/two-factor-auth/

  2. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    Hi,

    It should work just by installing it.
    The button and field on the login screen should be added.
    Do you use some other plugin that modifies the login page?

    Maybe go to "Settings"->"Two Factor Auth" and make sure that all checkboxes for all user roles are checked.

    If they are and you don't see the button on the login page, try to uninstall and install again.

    I'm finishing up a new (and a whole lot more secure) version right now that will be released this friday.

    Just to be clear: You don't even see the button on the login page? Or is the problem that nothing happens when you click the button?

  3. Honkytonky
    Member
    Posted 1 year ago #

    Dear Oskar,

    thanks for getting back to me so quick! The problem ist that I see the fnew field in the formular but I do not have a button which says send mail or anything like this. Yesterday night I managed to get it to work for my admin account wit Google Auth - an amazing work you did there - it works like a charme. What I simply do not understand is the mechanism - I turned it on for ALL Userroles - nevertheless now besides me no one can effectively log in. I also do not see an edit field in the profiles of the users when I try end edit them as an admin. I do not use a plugin for the login, I only style the login page a bit with a style sheet in WHITE LABEL CMS, but no buttons or stuff is hidden. Maybe we can figure this out. A reinstall did not work! Talk to you soon! Thank yoU!

  4. Honkytonky
    Member
    Posted 1 year ago #

    Sorry, I had to leave urgently for classes end could not end my thought on this. What I intended to ask was: how would it work now to proceed with Google Auth for all my other 5 editors and 20 contributors. Would everyone have to set up the Google app, had me to insert the key from the backend and would be finally able to login with the time based one time passwords just like I can right now?
    If so this would be a solution to my problem.

  5. Honkytonky
    Member
    Posted 1 year ago #

    I just realized that I should really leave some quality information for you in case you want to check whether this was something to debug:

    I have this css as an add-on in the WHITELABEL CMS Settings;
    I do not do much more than hide error messages to prevent bots from reading out user information, put a cover background, hide blog and reset password link, and for the sake of the eye I add a little transparency which is due to the bgr pic. I had nevertheless a version of E-Mail Login installed which was due to different experiemets referring to possible user login mechanisms which I deinstalled properly and cleaned the database of any unwanted leftovers. I have a caching plug installed, the small one by Sergej, not W3 Cache due to its recents compatibility issues.

    body.login{
    background-image:url('http://localhost:8888/wp-content/uploads/2013/05/schule.jpg');
    no-repeat center center fixed;
    -webkit-background-size: cover;
    -moz-background-size: cover;
    -o-background-size: cover;
    background-size: cover;}

    body.login div#login {padding-left:225px;}
    .message, #login_error { display:none; }
    .login #login p#nav a {display:none}
    body.login div#login p#backtoblog {display:none}
    body.login div#login p#backtoblog a {display:none}
    .login form {background-color: #ffffff; zoom: 1;
    filter: alpha(opacity=94);
    opacity: 0.94; }

  6. Honkytonky
    Member
    Posted 1 year ago #

    Wow, it is me again. I feel so sorry about spamming your account here, maybe we can finally combine all these posts but besides the missing button for email auth now I understand what the real problem is in my case.

    I totally overread "Users can change their own settings on Users -> Two Factor Auth when they're logged in." My problem is that at this point of time I have to hide the menue "users" from anyone (editors) besides me. This means that by this point of time neither I would be able to easily set google auth for my users nor they due to the absence of the menue point in their backend. The question is if this mechanism will be altered in the new version that you upload on Friday. I really love the plugin and would love to have it up and working. In my eyes it is the best thing to go with in fields of 2 factor auth and I have been playing around with a lot of options and different plugs. If there was any way to set the rights user specifically by the admin and then enter the key manually into the downloaded google apps of our staff that would be just awesome. For now I prefer Google Auth over e-mail because it is much more secure. Okay, definitely my last post and I hope I did not intrude!

  7. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    No problem, it's good to have feedback :)

    What if I add a root menu item, will your users be able to see it and activate google auth?
    The reason why users should do it themselves is because the private key is supposed to be private.

    The alternative would be to add a tab to the "Settings"->"Two factor auth" where you as an admin can read the private keys for all users.
    But I resist to do this because of the integrity of the private keys.

    One question, the emails do not work for you? Do you get any other emails from your wordpress installation?
    (I understand you don't want to use email, but maybe we have a bug here).

  8. Honkytonky
    Member
    Posted 1 year ago #

    Oskar,

    thanks for looking into that. Regarding to the email feature: you should not worry because I made several test yesterday and found out that some wordpress mails get through, others not. I have some small features installed which refer email in one or the other way - they also do not get through. I guess this is due to my localhost installlation - I played around with several tutorials from the internet which describe how to make it work for Mac and Mamp - it is complicated and I did not succeed so far. Your idea is quite good - a root item would be perfect! I totally understand that restricting it to the admin is not a good idea due to the given reasons.

    Let me know how I can help to test! Friday night I will look out for the update and have a go and try. Unfortunately in these moments I can only try in a local environment but it is still something!

    Greetz from Chile
    Micha

  9. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks Micha,

    I figured I'll release the update today, including security fixes as well as moving the user settings to the root level of admin menu.

    Please check it out and come back if there's still some issues for you.

  10. Honkytonky
    Member
    Posted 1 year ago #

    Dear Oskar,

    I installed the update! The database update works. I checked it back in the base itself and it did not mess up anything - all clear. 2FA now appears as a global menu point - that works like a charme. My installed Google Auth mechanism also works as before. When I check editors now I get the formular and the input field for the code but no additional button shows up. I cannot login to the account and can not ensure myself if the plugin is managable. If I uncheck editors however the plugin does not appear in the root menu of the editors and I cannot make any settings. Now I am stuck because I do not actually know ehether this is a fault of my istallation or a pure illogical thinking error. I tried to works with Adminimize, a great plugin to trim the backend according to user roles. Unfortunately 2FA does not appear in the settings page of Adminimize and also User Role Editor does not show any additional rights management for the plugin. I guess all is due to the button I miss for send the first E-Mail. If I managed to do that maybe the menu point appears and I can reconfigure for true Google Auth in the settings itself. I am still working on this and have two fixes to go for. However at the moment I got a little stuck at the level of technical realization:

    1st: force 2FA to appear in the editors backend without activation...I turned my head to the wordpress tutorials and docs, but I do not find the right approach.

    2nd: make the button finally appear which for some obscure reasons does not happen. I finally deleted all my login page hacks...the css I gave you above. It turns back to WP standards....but also shows the text input without a button.

    Just to ensure me: does the plug send the first code automatically without any button to appear or should it appear on first login-visit?

    I am still eager to make that work and I hope it will happen, hehehe. The plug is great and though I could just keep it with the admin I could really need the high level of security for all my users as it is a CMS for a school which in the future should provide features that ask for the handling of sensitive data as well.

    Any idea is really appreciated but I know it is hard for you to tell what happens.

    Thanks for your valuable and high end support/ work on this.
    Greetz from Chile!

    Micha

  11. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for the update Micha.

    If you deactivate the plugin for editors they should be able to reach the settings page by going to /wp-admin/admin.php?page=two-factor-auth-user so they can set up third party apps before they are activated.

    Maybe I misunderstand you, but don't you see this button on the login page?
    When that button is clicked (and an username is entered before the click) a background call is made and if the user has email delivery of the OTP, an email is sent.

    What version of WP are you using?
    Is it a WordPress MultiSite (WordPress Network)?

    Of course, we will solve this, I'm just not sure what the real issue is. :)
    Is it that your WP doesn't send email (I use WP's function for sending emails) or is it that the button doesn't show up on the login page? Or maybe both?

  12. Honkytonky
    Member
    Posted 1 year ago #

    Hey, thx a lot for your reply.

    Regarding to the tech facts: it is the latest stable wp version, 3.5.1, it is no multi site a normal localhost install on MAMMP.

    The funny thing is that when I use the given link while an editor is logged in the server gives me a "You do not have sufficient rights" error...of course in my admin account it works like a charme and leads to the actual settings page.

    Regarding to the login issue I seem that I understand you a lot better now. There is no new button being displayed but the inition of the e-mail-delivery happens with the click on the input field? If that is the case I have to solve my localmail issue and somewhat get that email out to check if it works. But still the problem will be to change for that user to Google Auth as I strangely cannot happen to make the settings appear on the users backends. Hehehe, I guess this is something so small that gets my hair roughed up...incredible. I will try to desactivate Adminimize and User Role editor...but on the other hand I do not have the possibility to leave the backend open to editors...we will make it happen :-). It is far too good to stop right now! Greetz!

  13. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    Alright,

    That is actually a grey button on the login page, the one i drew a red circle around on my screenshot in my last post. I kind of agree that it look like an input field but it is a button. It's WP's standard button for CSS class .button :)
    But anyway, yes, when that button is clicked an email with the OTP is sent if the username entered has email delivery. And the button should disappear and an input field should be displayed instead.

    If you activate the plugin for the group editors, email delivery will be default for them. When they click the button on the login page they get an email with an OTP. Now they can login and activate and setup Google Auth for themselves.

    So, please try to get emails to work on your local mammp so you can verify that it works as expected.

    I mean, you don't have to setup Google Auth for all your users. They can have email delivery until they set it up themselves. Right?

  14. Honkytonky
    Member
    Posted 1 year ago #

    Thx Oskar,

    I got it, it was my fault. I always expected a button to show up and I was irritated by this blue design of the login button, it was clearly a misunderstanding on my side.

    Regarding to the Auth procedure, yes, in principle yes, but my headmaster asked me to integrate the best security possible. Hence the great usability of this feature I am still curious. What I found out is that the admin menue left hand seems to be structured in three parts, one that goes with the pages, posts and all related custom post types, one that goes with the options, settings and appearance, this is the one that is being blocked from display to the editors and one below which most other plugins occupy. I thought that it might be a good idea in my case to move 2FA to this structure because these plugs all show up. But as I by far extent am not made of your skills the question is: how independent is the place where the menu goes from how the plug works. It is a question of altering the hook and no more because than I could possibly look it up. Or does ist depend on altering all the database?
    In the meantime I will try a test with a mail setup. I am highly curious!

  15. Honkytonky
    Member
    Posted 1 year ago #

    Dear Oskar,

    just a quick note to say thank you so much. To let you know what I did and to lift some shadows for newbies like I am:

    I had to find a complicate workaround to solve the problem. First I activated postfix on my mac. This is a real pain in the ass but there are some tutorials out there: the only one that worked for me is http://benjaminrojas.net/configuring-postfix-to-send-mail-from-mac-os-x-mountain-lion/

    Because mails do not get send properly to my gmail account I ended up hacking brutally into the plain mails via the console and the simple "mail" command and read the mailer deamons in my console. Expect nothing readable, you have to close your eyes and clench your teeth. However it turned out that Oscars mails are indeed sent properly. I deleted a felt million of different mailer daemons of my wordpress local install first and had one clean login mail from 2FA sent again to make it easier to navigate in the console. The proper command to do so is: http://www.patrickpatoray.com/index.php?Page=47.
    Be aware however, that you have to be superuser on the mac, thats similar to superroot in linux. Make your admin superroot by going to Preferences, Users and Groups, and enabling Network/Expanded Directories.
    Then I read this mail locally in the console and logged in successfully in an editors account. Then I finally had access to the menue item and changed to Google Auth. Finally it worked like a charme. Setting up a second account on my IPhone I then was able to login with the editor and my headmasters account. Thanks so much, Oscar. I already gave you five stars earned for your big support, will write the review now! Cheers!

  16. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks Micha,

    I'm glad we sorted this one out.
    I will make the button on the login page blue so it's more clear that it's a button.
    Regarding moving the menu item, I will look in to it. I set the position in my code, but maybe I can write another plugin that overrides this one. I'll get back to you.

    Thanks for the review!

    I will release a new version soon with a blue button and some typo fixes.

  17. jweinberger
    Member
    Posted 1 year ago #

    Hi:

    I just tried to install this, and when I tried to activate the plugin, I got the message:

    Plugin could not be activated because it triggered a fatal error.
    
    Parse error: syntax error, unexpected T_STRING in /home/jaweinberger/dsthree.com/wp-content/plugins/two-factor-auth/two-factor-login.php on line 21

    I"m using WP 3.5.1

    Help?

  18. Honkytonky
    Member
    Posted 1 year ago #

    Would be eager to help but for reasons of my last night translation into Chilean spanish I did not update yet. Oscar, would I be able to copy only certain parts of your new update in order not to lose my entire translation. I unfortunalety had to translate the backend for our editors as the use of English is not widely spread in Chile! Hope that the new update did not crash due to my questions here :-). Thx and greetz, latest install still working like a charme!

  19. Honkytonky
    Member
    Posted 1 year ago #

    J Weinberger,

    it just crossed my mind: when I had a file of the plugin open in Dreamweaver today it spit me out some php errors - I did not pay too much attention because I usually prevent using DW and code everything in text editor. Above all DW is known to have a somewhat akward behavior towards evaluating code! Maybe you give it a try and have a look into it yourself!

  20. jweinberger
    Member
    Posted 1 year ago #

    Hi:

    Not clear what you are suggesting here. I don't use DreamWeaver and don't code.

    I simply clicked "Activate" on the wordpress plugin screen and this error appeared at the top of the screen.

    Clearly there is an error in your plug in. I don't know why or what the error is.

    Not sure what you are suggesting I "look into"....

    can you help fix it?

  21. Honkytonky
    Member
    Posted 1 year ago #

    J,

    I am not the author of the plugin and by far extent my competencies do not allow coding stuff like that. I just assumed you were capable of coding html, css and some minor php stuff like I do. I understand that as a wordpress user not everybody does this. In this case please stay put for Oskars answer. He is really kind and gets back to requests fast and competent. I would love to help out by trying to install but I spend 2 hours translating today and would lose all my work. From what I can say right now, try the following: deactivate any security related plugin you momentarily use. Do it one by one always activating 2FA right after. By any chance it could be a plugin conflict. I experience no conflicts with WP Better Security, User Role Plugin and Adminimize. I have no other related plugs installed!

  22. jweinberger
    Member
    Posted 1 year ago #

    Got it. I thought you were responding as the author.

    I need to know if this can be resolved as standard (not my) code.

    If not, I need to find a different plug-in.

    I'll await the author's answer. Thanks for trying to help!

  23. Honkytonky
    Member
    Posted 1 year ago #

    I just do not want to have you stand in the rain:
    the error you pasted at least points in the direction of a string that has not been properly closed. If you need a solution really bad you could open the according file (see the error) in a text editor and look for a missing " or another closing character! It should not be too complicated. If you browse the error message into google you will be pointed to a bunch of great sites that easily explain it. It is if so y typo, no more. Do by any chance not move on to another plug. 2FA is by far extent the mastery option. I spend two weeks looking, trying, deleting and this is the thing. Only throwing in my two cents here.

  24. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    jweinberger: What version of PHP are you using? That row uses PHP namespaces that were introduced in PHP 5.3 that were released 4 years ago.

    Please check and get back to me.

  25. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    Honkytonky: In your tfa4.js where the button is created (row 8-11), change to this to get the button blue.

    var otp_btn = document.createElement('button');
    otp_btn.id = 'otp-button';
    otp_btn.className = 'button button-large button-primary';
    otp_btn.onclick = function(){ return tfaChangeToInput(); };
    otp_btn.style.float = 'none';
  26. jweinberger
    Member
    Posted 1 year ago #

    PHP 5.3

  27. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    jweinberger: I'll look into it. Please start a new thread with this issue in the meantime so other people with the same issue can find it. I'll answer in the new thread soon.

  28. jweinberger
    Member
    Posted 1 year ago #

    Done.

    The new thread is called "Two Factor Auth: PHP error trying to activate"

    Thanks for your help!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.