
[Resolved] Some understanding problems

  • First of all: thank you for the plugin. I am still having a hard time understanding it and wanted to ask for some short advice. I do not want to use third party apps. I just want some school staff users to log in by username, password and an additional one-time pass sent to their email accounts when they log in. I am still unsure if this plugin can really do it. I installed it and to a certain extent it worked, it added a third login field for the auth code. Nevertheless I saw no button to generate the email and I had not been sent anything to my email stored in the database. Nevertheless I run a local install right now and would like to implement exactly such a feature. Could you help me understand if and how exactly to set up your plugin?!
    Greetz from Chile!

    http://wordpress.org/extend/plugins/two-factor-auth/

Viewing 15 replies - 1 through 15 (of 27 total)
  • Plugin Author oskarhane

    @oskarhane

    Hi,

    It should work just by installing it.
    The button and field on the login screen should be added.
    Do you use some other plugin that modifies the login page?

    Maybe go to “Settings” -> “Two Factor Auth” and make sure that all checkboxes for all user roles are checked.

    If they are and you don’t see the button on the login page, try to uninstall and install again.

    I’m finishing up a new (and a whole lot more secure) version right now that will be released this Friday.

    Just to be clear: You don’t even see the button on the login page? Or is the problem that nothing happens when you click the button?

    Dear Oskar,

    thanks for getting back to me so quickly! The problem is that I see the new field in the form but I do not have a button which says send mail or anything like this. Yesterday night I managed to get it to work for my admin account with Google Auth – an amazing work you did there – it works like a charm. What I simply do not understand is the mechanism – I turned it on for ALL user roles – nevertheless now besides me no one can effectively log in. I also do not see an edit field in the profiles of the users when I try to edit them as an admin. I do not use a plugin for the login, I only style the login page a bit with a style sheet in WHITE LABEL CMS, but no buttons or stuff is hidden. Maybe we can figure this out. A reinstall did not work! Talk to you soon! Thank you!

    Sorry, I had to leave urgently for classes and could not finish my thought on this. What I intended to ask was: how would it work now to proceed with Google Auth for all my other 5 editors and 20 contributors. Would everyone have to set up the Google app, had me to insert the key from the backend and would be finally able to login with the time based one time passwords just like I can right now?
    If so this would be a solution to my problem.

    I just realized that I should really leave some quality information for you in case you want to check whether this was something to debug:

    I have this css as an add-on in the WHITELABEL CMS Settings;
    I do not do much more than hide error messages to prevent bots from reading out user information, put a cover background, hide blog and reset password link, and for the sake of the eye I add a little transparency which is due to the bgr pic. I had nevertheless a version of E-Mail Login installed which was due to different experiments referring to possible user login mechanisms which I uninstalled properly and cleaned the database of any unwanted leftovers. I have a caching plug installed, the small one by Sergej, not W3 Cache due to its recent compatibility issues.

    /* full-page cover background for the login screen */
    body.login {
      background: url('http://localhost:8888/wp-content/uploads/2013/05/schule.jpg') no-repeat center center fixed;
      -webkit-background-size: cover;
      -moz-background-size: cover;
      -o-background-size: cover;
      background-size: cover;
    }

    body.login div#login { padding-left: 225px; }
    /* hide login messages and errors (visually only) */
    .message, #login_error { display: none; }
    /* hide the reset password and back-to-blog links */
    .login #login p#nav a { display: none; }
    body.login div#login p#backtoblog { display: none; }
    body.login div#login p#backtoblog a { display: none; }
    /* slightly transparent login form */
    .login form {
      background-color: #ffffff;
      zoom: 1;
      filter: alpha(opacity=94);
      opacity: 0.94;
    }

    Wow, it is me again. I feel so sorry about spamming your account here, maybe we can finally combine all these posts but besides the missing button for email auth now I understand what the real problem is in my case.

    I totally overlooked “Users can change their own settings on Users -> Two Factor Auth when they’re logged in.” My problem is that at this point of time I have to hide the menu “users” from anyone (editors) besides me. This means that by this point of time neither I would be able to easily set Google Auth for my users nor they due to the absence of the menu point in their backend. The question is if this mechanism will be altered in the new version that you upload on Friday. I really love the plugin and would love to have it up and working. In my eyes it is the best thing to go with in fields of 2 factor auth and I have been playing around with a lot of options and different plugs. If there was any way to set the rights user specifically by the admin and then enter the key manually into the downloaded Google apps of our staff that would be just awesome. For now I prefer Google Auth over e-mail because it is much more secure. Okay, definitely my last post and I hope I did not intrude!

    Plugin Author oskarhane

    @oskarhane

    No problem, it’s good to have feedback 🙂

    What if I add a root menu item, will your users be able to see it and activate google auth?
    The reason why users should do it themselves is because the private key is supposed to be private.

    The alternative would be to add a tab to the “Settings” -> “Two factor auth” where you as an admin can read the private keys for all users.
    But I resist doing this because of the integrity of the private keys.

    One question, the emails do not work for you? Do you get any other emails from your WordPress installation?
    (I understand you don’t want to use email, but maybe we have a bug here).

    Oskar,

    thanks for looking into that. Regarding the email feature: you should not worry because I made several tests yesterday and found out that some WordPress mails get through, others not. I have some small features installed which refer email in one or the other way – they also do not get through. I guess this is due to my localhost installation – I played around with several tutorials from the internet which describe how to make it work for Mac and MAMP – it is complicated and I did not succeed so far. Your idea is quite good – a root item would be perfect! I totally understand that restricting it to the admin is not a good idea due to the given reasons.

    Let me know how I can help to test! Friday night I will look out for the update and have a go and try. Unfortunately in these moments I can only try in a local environment but it is still something!

    Greetz from Chile
    Micha

    Plugin Author oskarhane

    @oskarhane

    Thanks Micha,

    I figured I’ll release the update today, including security fixes as well as moving the user settings to the root level of admin menu.

    Please check it out and come back if there are still some issues for you.

    Dear Oskar,

    I installed the update! The database update works. I checked it back in the base itself and it did not mess up anything – all clear. 2FA now appears as a global menu point – that works like a charm. My installed Google Auth mechanism also works as before. When I check editors now I get the form and the input field for the code but no additional button shows up. I cannot log in to the account and cannot ensure myself if the plugin is manageable. If I uncheck editors however the plugin does not appear in the root menu of the editors and I cannot make any settings. Now I am stuck because I do not actually know whether this is a fault of my installation or a pure illogical thinking error. I tried to work with Adminimize, a great plugin to trim the backend according to user roles. Unfortunately 2FA does not appear in the settings page of Adminimize and also User Role Editor does not show any additional rights management for the plugin. I guess all is due to the button I miss for sending the first e-mail. If I managed to do that maybe the menu point appears and I can reconfigure for true Google Auth in the settings itself. I am still working on this and have two fixes to go for. However at the moment I got a little stuck at the level of technical realization:

    1st: force 2FA to appear in the editors backend without activation…I turned my head to the WordPress tutorials and docs, but I do not find the right approach.

    2nd: make the button finally appear which for some obscure reasons does not happen. I finally deleted all my login page hacks…the CSS I gave you above. It turns back to WP standards….but also shows the text input without a button.

    Just to make sure: does the plug send the first code automatically without any button to appear or should it appear on first login-visit?

    I am still eager to make that work and I hope it will happen, hehehe. The plug is great and though I could just keep it with the admin I could really need the high level of security for all my users as it is a CMS for a school which in the future should provide features that ask for the handling of sensitive data as well.

    Any idea is really appreciated but I know it is hard for you to tell what happens.

    Thanks for your valuable and high end support/ work on this.
    Greetz from Chile!

    Micha

    Plugin Author oskarhane

    @oskarhane

    Thanks for the update Micha.

    If you deactivate the plugin for editors they should be able to reach the settings page by going to /wp-admin/admin.php?page=two-factor-auth-user so they can set up third party apps before they are activated.

    Maybe I misunderstand you, but don’t you see this button on the login page?
    When that button is clicked (and a username is entered before the click) a background call is made and if the user has email delivery of the OTP, an email is sent.

    What version of WP are you using?
    Is it a WordPress MultiSite (WordPress Network)?

    Of course, we will solve this, I’m just not sure what the real issue is. 🙂
    Is it that your WP doesn’t send email (I use WP’s function for sending emails) or is it that the button doesn’t show up on the login page? Or maybe both?

    Hey, thx a lot for your reply.

    Regarding the tech facts: it is the latest stable WP version, 3.5.1, it is not a multisite, just a normal localhost install on MAMP.

    The funny thing is that when I use the given link while an editor is logged in the server gives me a “You do not have sufficient rights” error…of course in my admin account it works like a charm and leads to the actual settings page.

    Regarding the login issue it seems that I understand you a lot better now. There is no new button being displayed but the initiation of the e-mail delivery happens with the click on the input field? If that is the case I have to solve my local mail issue and somewhat get that email out to check if it works. But still the problem will be to change for that user to Google Auth as I strangely cannot happen to make the settings appear on the users backends. Hehehe, I guess this is something so small that gets my hair roughed up…incredible. I will try to deactivate Adminimize and User Role Editor…but on the other hand I do not have the possibility to leave the backend open to editors…we will make it happen :-). It is far too good to stop right now! Greetz!

    Plugin Author oskarhane

    @oskarhane

    Alright,

    That is actually a grey button on the login page, the one I drew a red circle around on my screenshot in my last post. I kind of agree that it looks like an input field but it is a button. It’s WP’s standard button for CSS class .button 🙂
    But anyway, yes, when that button is clicked an email with the OTP is sent if the username entered has email delivery. And the button should disappear and an input field should be displayed instead.

    If you activate the plugin for the group editors, email delivery will be default for them. When they click the button on the login page they get an email with an OTP. Now they can log in and activate and set up Google Auth for themselves.

    So, please try to get emails to work on your local MAMP so you can verify that it works as expected.

    I mean, you don’t have to set up Google Auth for all your users. They can have email delivery until they set it up themselves. Right?

    Thx Oskar,

    I got it, it was my fault. I always expected a button to show up and I was irritated by this blue design of the login button, it was clearly a misunderstanding on my side.

    Regarding the Auth procedure, yes, in principle yes, but my headmaster asked me to integrate the best security possible. Hence the great usability of this feature I am still curious. What I found out is that the admin menu left hand seems to be structured in three parts, one that goes with the pages, posts and all related custom post types, one that goes with the options, settings and appearance, this is the one that is being blocked from display to the editors and one below which most other plugins occupy. I thought that it might be a good idea in my case to move 2FA to this structure because these plugs all show up. But as I by far extent am not made of your skills the question is: how independent is the place where the menu goes from how the plug works. It is a question of altering the hook and no more because then I could possibly look it up. Or does it depend on altering all the database?
    In the meantime I will try a test with a mail setup. I am highly curious!

    Dear Oskar,

    just a quick note to say thank you so much. To let you know what I did and to lift some shadows for newbies like I am:

    I had to find a complicated workaround to solve the problem. First I activated postfix on my Mac. This is a real pain in the ass but there are some tutorials out there: the only one that worked for me is http://benjaminrojas.net/configuring-postfix-to-send-mail-from-mac-os-x-mountain-lion/

    Because mails do not get sent properly to my Gmail account I ended up hacking brutally into the plain mails via the console and the simple “mail” command and read the mailer daemons in my console. Expect nothing readable, you have to close your eyes and clench your teeth. However it turned out that Oskar’s mails are indeed sent properly. I deleted a felt million of different mailer daemons of my WordPress local install first and had one clean login mail from 2FA sent again to make it easier to navigate in the console. The proper command to do so is: http://www.patrickpatoray.com/index.php?Page=47.
    Be aware however, that you have to be superuser on the Mac, that’s similar to superroot in Linux. Make your admin superroot by going to Preferences, Users and Groups, and enabling Network/Expanded Directories.
    Then I read this mail locally in the console and logged in successfully in an editor’s account. Then I finally had access to the menu item and changed to Google Auth. Finally it worked like a charm. Setting up a second account on my iPhone I then was able to log in with the editor and my headmaster’s account. Thanks so much, Oskar. I already gave you five stars earned for your big support, will write the review now! Cheers!

    Plugin Author oskarhane

    @oskarhane

    Thanks Micha,

    I’m glad we sorted this one out.
    I will make the button on the login page blue so it’s more clear that it’s a button.
    Regarding moving the menu item, I will look into it. I set the position in my code, but maybe I can write another plugin that overrides this one. I’ll get back to you.

    Thanks for the review!

    I will release a new version soon with a blue button and some typo fixes.

  • The topic ‘[Resolved] Some understanding problems’ is closed to new replies.