[3.2][BETA] phpBB two factor authentication

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Get Involved
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
User avatar
tojag
Registered User
Posts: 400
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [DEV]phpBB two factor authentication

Post by tojag » Wed Mar 14, 2018 11:59 am

First attempts.

Test environment
phpBB3.2.2 - clean installlation. No others extensions.
XAMPP 7.0.18.
Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.0.18
PHP 7
memory_limit=128M
max_execution_time=3000
post_max_size=8M
MySQL
libmysql - mysqlnd 5.0.12
10.1.22-MariaDB

OTP method with Google Authenticator
Require 2FA for admins & moderators.

After turning on 2FA and setting method and confirm by first code, first attempt of login as admin:
Fatal error: Allowed memory size of 134217728 bytes axhausted (tried to allocate 4096 bytes) in Unknown on line 0.

Next attempt every time:
General error SQL ERROR [ mysqli ]
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1' at line 4 [1064]


Edit:
I turned off https, next attempt... my test site shows only this:
Fatal error: Uncaught phpbb\exception\http_exception: TFA_SOMETHING_WENT_WRONG in C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\helper\session_helper.php:253 Stack trace: #0 C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\event\listener.php(172): paul999\tfa\helper\session_helper->generate_page('2', 0, NULL, true, 'index.php') #1 [internal function]: paul999\tfa\event\listener->auth_login_session_create_before(Object(phpbb\event\data), 'core.auth_login...', Object(phpbb\event\dispatcher)) #2 C:\xampp7018\htdocs\phpBB3\vendor\symfony\event-dispatcher\EventDispatcher.php(184): call_user_func(Array, Object(phpbb\event\data), 'core.auth_login...', Object(phpbb\event\dispatcher)) #3 C:\xampp7018\htdocs\phpBB3\vendor\symfony\event-dispatcher\EventDispatcher.php(46): Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(Array, 'core.auth_login...', Object(phpbb\event\data)) #4 C:\xampp7018\htdocs\phpBB3\phpbb\event\dispatcher.php(62): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('core.auth_login...', Object(phpbb\ in C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\helper\session_helper.php on line 253

Now I can't login at all.
I think I have to do a new installation of phpBB....

Edit:
The latter 'Fatal error' is just an effect of not closing the browser. After restarting the browser, again the same 'General SQL Error'.
Sorry my english. I hope You understand what I mean.

User avatar
tojag
Registered User
Posts: 400
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [DEV]phpBB two factor authentication

Post by tojag » Wed Mar 14, 2018 2:01 pm

I try to off the extension by setting ext_active=0 in phpbb_ext but it still active. Login page is expected OTP code, even if I restart browser and xampp.
So, I have to reinstall test environment seriously.

Edit:
After manually clear cache folder I can off it.
Last edited by tojag on Thu Mar 15, 2018 12:32 pm, edited 1 time in total.
Sorry my english. I hope You understand what I mean.

User avatar
tojag
Registered User
Posts: 400
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [DEV]phpBB two factor authentication

Post by tojag » Wed Mar 14, 2018 2:32 pm

New attempt. New clean installation of test environment phpBB 3.2.2.
Previous test "required 2FA for ACP", now "don't require 2FA".
After enable it in UCP, with OTP and confirm by first code, the same "General SQL error" like previos when I try to login :(
Sorry my english. I hope You understand what I mean.

nou nou
Registered User
Posts: 361
Joined: Sat Oct 29, 2016 8:08 pm

Re: [DEV]phpBB two factor authentication

Post by nou nou » Thu Mar 29, 2018 7:41 am

Hi there,


trying this on a test board (phpBB3.2.2), activated the extension successfully (0.0.2), then in the setting switched it to "do not require 2fa" and then got this error message:

Code: Select all

Fatal error: Uncaught phpbrowscap\Exception: error locking lockfile /home/user/mywebsite.com/forum/cache/cache.lock in /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php:555 Stack trace: #0 /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php(301): phpbrowscap\Browscap->updateCache() #1 /home/user/mywebsite.com/forum/ext/paul999/tfa/modules/u2f.php(114): phpbrowscap\Browscap->getBrowser('Mozilla/5.0 (Wi...') #2 /home/user/mywebsite.com/forum/ext/paul999/tfa/modules/u2f.php(95): paul999\tfa\modules\u2f->is_potentially_usable('2') #3 /home/user/mywebsite.com/forum/ext/paul999/tfa/helper/session_helper.php(209): paul999\tfa\modules\u2f->is_usable('2') #4 /home/user/mywebsite.com/forum/ext/paul999/tfa/helper/session_helper.php(174): paul999\tfa\helper\session_helper->isTfaRegistered('2') #5 /home/user/mywebsite.com/forum/ext/paul999/tfa/event/ in /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php on line 555

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25324
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: [DEV]phpBB two factor authentication

Post by Paul » Thu Mar 29, 2018 7:43 am

I have fixed last week a bunch of issues, including the ones reported by tojag, and also this lock error. There is still one issue I need to fix, and after that I will make a new release to test out.
This release will require 3.2.0, and won't work on 3.1.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

nou nou
Registered User
Posts: 361
Joined: Sat Oct 29, 2016 8:08 pm

Re: [3.2][DEV] phpBB two factor authentication

Post by nou nou » Thu Mar 29, 2018 7:57 am

Sounds great thanks! Will simply replacing the extension files with that new version fix the issue or do I have to do some database magic to remove v0.0.2 first? :)

User avatar
tojag
Registered User
Posts: 400
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [3.2][DEV] phpBB two factor authentication

Post by tojag » Mon Jun 11, 2018 10:01 am

Hi Paul
Any new version of Your extension?
Regards
Sorry my english. I hope You understand what I mean.

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25324
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: [3.2][DEV] phpBB two factor authentication

Post by Paul » Mon Jun 11, 2018 11:02 am

No, not yet. Have been quiet busy at work and stuff, so no time. Once there is a new version it will be posted here.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
tojag
Registered User
Posts: 400
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [3.2][DEV] phpBB two factor authentication

Post by tojag » Thu Mar 21, 2019 9:42 am

Paul, any chance for a new release?
Sorry my english. I hope You understand what I mean.

ivellios1988
Registered User
Posts: 14
Joined: Sat Jun 05, 2010 11:42 am

Re: [3.2][DEV] phpBB two factor authentication

Post by ivellios1988 » Fri Apr 05, 2019 4:28 pm

Bump. Any chances for a new release? The module doesn't work properly in phpBB 3.2.5, after providing the code it shows some session-related errors.

By the way, I made an almost-complete Polish translation for this module, in case someone needs one.

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25324
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: [3.2][DEV] phpBB two factor authentication

Post by Paul » Fri Apr 05, 2019 5:29 pm

What about posting those errors? Instead of telling there are errors ;)
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

ivellios1988
Registered User
Posts: 14
Joined: Sat Jun 05, 2010 11:42 am

Re: [3.2][DEV] phpBB two factor authentication

Post by ivellios1988 » Sat Apr 06, 2019 11:49 am

Sorry, I was away from home. Here's the error message:

Code: Select all

SQL ERROR [ mysql4 ]

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1' at line 4 [1064]

SQL

UPDATE phpbb_sessions SET tfa_random = '', tfa_uid = 0 WHERE session_id = '93bf3cf2f519e59f25ddf9f87210f231' AND session_user_id = '1

BACKTRACE

FILE: (not given by php)
LINE: (not given by php)
CALL: msg_handler()

FILE: [ROOT]/phpbb/db/driver/driver.php
LINE: 997
CALL: trigger_error()

FILE: [ROOT]/phpbb/db/driver/mysql.php
LINE: 191
CALL: phpbb\db\driver\driver->sql_error()

FILE: [ROOT]/phpbb/db/driver/factory.php
LINE: 329
CALL: phpbb\db\driver\mysql->sql_query()

FILE: [ROOT]/ext/paul999/tfa/controller/main_controller.php
LINE: 136
CALL: phpbb\db\driver\factory->sql_query()

FILE: (not given by php)
LINE: (not given by php)
CALL: paul999\tfa\controller\main_controller->submit()

FILE: [ROOT]/vendor/symfony/http-kernel/HttpKernel.php
LINE: 135
CALL: call_user_func_array()

FILE: [ROOT]/vendor/symfony/http-kernel/HttpKernel.php
LINE: 57
CALL: Symfony\Component\HttpKernel\HttpKernel->handleRaw()

FILE: [ROOT]/app.php
LINE: 35
CALL: Symfony\Component\HttpKernel\HttpKernel->handle()
EDIT: It looks like @tojag had similar issue?
Last edited by ivellios1988 on Sat Apr 06, 2019 1:58 pm, edited 1 time in total.

ivellios1988
Registered User
Posts: 14
Joined: Sat Jun 05, 2010 11:42 am

Re: [3.2][DEV] phpBB two factor authentication

Post by ivellios1988 » Sat Apr 06, 2019 11:58 am

PROBLEM SOLVED! Well, at least I think so ;)

File: ext/paul999/tfa/controller/main_controller.php

Line: 135

Find:

Code: Select all

session_user_id = '" . (int) $this->user->data['user_id'];
Replace with:

Code: Select all

session_user_id = " . (int) $this->user->data['user_id'];

ivellios1988
Registered User
Posts: 14
Joined: Sat Jun 05, 2010 11:42 am

Re: [3.2][DEV] phpBB two factor authentication

Post by ivellios1988 » Sat Apr 06, 2019 1:55 pm

And this is my Polish translation for 2fa: http://archiwum-paranormalium.ovh/phpbb ... ion/pl.zip

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25324
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: [3.2][DEV] phpBB two factor authentication

Post by Paul » Sat Apr 06, 2019 2:25 pm

That error was already fixed in the develop branch (Which is also the branch which should be used really) as far I know.

If you want to contribute a translation, please create a PR on github. Also make sure to use the develop as base for it.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

Post Reply

Return to “Extensions in Development”