Jump to content

[SOLVED] Tfa module not remembering me


asbjorn
 Share

Recommended Posts

I have ProcessWire 3.0.165 installed, TfaTotp 0.0.4 and TfaEmail 0.0.2. And I have the problem that the system is not remembering the login. It keeps asking for both login and tfa code at every restart of my browser. Also other users of my website is reporting the same.

I am at a loss where to begin debugging this issue. I have tried multiple browsers. Also deactivating all options in ProcessLogin for Do not allow user to skip code entry when any of these properties change does not help. The settings are for remember me for 90 days.

Any one had the same experience?

Link to comment
Share on other sites

Moderator note: this is not a module support thread, so I'm moving it to the General Support area of the forum instead. Please keep in mind that the Modules/Plugins area is only intended for module-specific support threads. Thanks!

 
 
Link to comment
Share on other sites

  • 3 weeks later...

I think I have a relevant clue on how to solve this. It seems that the authenticate code is remembered on my "www.domain.com" page. But the problem I posted on, was on "subdomain.domain.com". So I think it is because of the subdomain. I have not yet found a way to check this out and test my theory.

Link to comment
Share on other sites

  • 4 weeks later...

I think I got a step closer. I have a few lines of code in a ready.php file to redirect the user to the front end after login. When I removed these lines, the browser login session at my ProcessWire page remembered me the next time, and did not ask for the two factor authentication code. There are the lines of code. I'm not sure about the first part being relevant, but they are part of ready.php anyway.

$wire->addHookAfter('InputfieldPage::getSelectablePages', function($event) {
  if($event->object->name == 'avdeling') {
    $event->return = $event->pages->get("id=$event->user")->editor_unit;
  }
});

$this->addHookAfter('Session::loginSuccess', null, function($event) {
    if($this->wire('user')) $this->wire('session')->redirect("/");
});

Does anyone know why these lines of code would make the login ask for the TFA code every time?

Link to comment
Share on other sites

I found a solution.

At least the solution still works after some testing: Logging in, typing tfa, logging out, closing browser.

The solution was to hook the redirect after ProcessLogin::afterLogin

$this->addHookAfter('ProcessLogin::afterLogin', null, function($event) {
    if($this->wire('user')) $this->wire('session')->redirect("/");
});

 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...