codefareith / cf_google_authenticator
TYPO3 CMS extension | provide Google 2FA for backend and frontend users
License: GNU General Public License v3.0
Second factor ignored with ig_ldap_sso_auth ext
Hey,
Currently I'm using the ig_ldap_sso_auth ext for LDAP authentication in combination with Active Directory.
It seems like the second factor is ignored in the frontend login when using the LDAP / SSO and Google Authenticator services.
Do you know of a solution so that both services in the authentication chain are consulted?
Detected with TYPO3 V9.5.18 and Ext:cf_google_authenticator V1.2.2
I did the installation for frontend login purpose according to your manual description. After installation I got this frontend view, see picture 1:
Afterwards, once I had logged in successfully, I could already see the protected area, even though I didn't log in through 2 factor authentication! See picture 2:
My expectation was that I could only see the protected area after a successful login with 2 factor authentication. Have I forgotten something in the configuration?
Thanks in advance for your support.
Once OTP enabled, the corresponding checkbox is never checked when opening the User Settings:
I'm creating a pull request with a fix for this shortly.
When going to User settings, the secret and QR will always be displayed.
The user should be shown a field where a one-time code can be entered to disable Google Authenticator again.
TYPO3 9.5.19, PHP 7.2
If I want to enable two factor auth, I receive a cast exception.
TypeError
Return value of CodeFareith\CfGoogleAuthenticator\Handler\GoogleAuthenticatorSetupHandler::hasUserEnabledAuthenticator() must be of the type boolean, integer returned
User settings saved new state.
exception thrown
Platform | Windows |
Browser | Google Chrome 76.0.3809.132 |
Additional Context | typo3 9.5.9 |
PHP | 7.2.20 |
Extension should be compatible with TYPO3 v11 and v12.
It would be great to have a version which is compatible with TYPO3 v10.x
German translation applied consistently
Missing or wrong translations
For our project I have created German translations myself. I can provide those files if you want.
BTW: I think the wording is not very consistent, ie. sometimes the term "one-time password" is used, while other times it's called "verification code"; I think this can be confusing for users.
Flash messages: as mentioned above, I have provided my own German translations in our project. But when I enable/disable 2FA in the FE, the flash message text is always in English ("Your changes have been saved successfully."), even if I'm in the German FE (and a German translation for key "setup.update.success.body" exists). Something seems to go wrong with the language service in the SetupController I guess? (That's why I classified this issue as a bug.)
The TCA hook checks with hardcoded be_users, this makes it totally unusable for any other table (fe_users when we're talking about out-of-the-box support or custom table in case the signal has been implemented).
I see in README
'Enable Google 2FA (two factor authentication) for both, frontend- and backend accounts.'
... but then I see it:
'Unfortunately, de-/activating 2FA for frontend users is not implemented yet.'
...which is correct?
After installing the extension:
It is not possible to edit a user in the "Backend User" module anymore.
-> "Oops, an error occurred! Neither the 'issuer' parameter nor the 'accountName' parameter may contain a colon."
So the manual stops at opening the user, and no activation of 2FA is possible.
System requirements:
TYPO3 8.7.16 (no composer)
PHP 7.1
Enabling google authenticator not working
two factor is enabled
two factor still disabled
typo3 9.5.9
GA config tab appears in be_users for admins and can be used.
My problem is, that it does not show up in user settings. This is needed if non-admin users want to configure the GA login.
I can see that there is a TCA Override in sys_template.php, which does not have any effect.
(TYPO3 8.7.24)
Hello!
I've just installed your extension from EM (TYPO3 8.7.15) and when accessing the backend user module and EDIT one of the users, I get this error message:
Return value of CodeFareith\CfGoogleAuthenticator\Hook\UserSettings::initializeTemplateView() must be an instance of TYPO3\CMS\Fluid\View\StandaloneView, none returned
Also, if I add a return $templateView; to the method initializeTemplateView, I get no QR code in the backend view!
Kind regards,
Christian
Trying to open the page with the "Google Two-Factor-Authentication Setup" plugin throws an error
Setup page opens
Error message (shortened): ... must be an instance of CodeFareith\CfGoogleAuthenticator\Controller\Frontend\Context, instance of TYPO3\CMS\Core\Context\Context given ...
Adding use TYPO3\CMS\Core\Context\Context; fixes the problem
According to composer.json, this extension should be available off packagist under https://packagist.org/packages/codefareith/cf-google-authenticator
Since this is not published there, it is not possible to install it "easily" with a composer-based TYPO3 installation.
Is it true that only admins can enable this option for backend users?
If I enable the plugin in the backend group, the user only sees a blank tab "Google Authenticator". How can I enable the checkbox in the user settings for each user/usergroup?
Thanks.
In my project I am centralizing the management of users into a custom "members" table and I hook into the authentication process (both Backend and Frontend) to check credentials against my custom members table and create/update TYPO3 users dynamically, a bit like when dealing with LDAP authentication.
I would like to add support for 2FA.
Solution
ext_tables.sql to include your 2 database fields

    if (ExtensionManagementUtility::isLoaded('cf_google_authenticator')) {
        \call_user_func(
            function () {
                ExtensionManagementUtility::addTCAcolumns(
                    'tx_myext_domain_model_member',
                    [
                        'tx_cfgoogleauthenticator_enabled' => [
                            'exclude' => true,
                            'label' => PathUtility::makeLocalLangLinkPath(
                                'be_users.tx_cfgoogleauthenticator_enabled',
                                'locallang_db.xlf'
                            ),
                            'config' => [
                                'type' => 'check'
                            ]
                        ],
                        'tx_cfgoogleauthenticator_secret' => [
                            'exclude' => true,
                            'label' => PathUtility::makeLocalLangLinkPath(
                                'be_users.tx_cfgoogleauthenticator_secret',
                                'locallang_db.xlf'
                            ),
                            'config' => [
                                'type' => 'user',
                                'userFunc' => UserSettings::class . '->createSecretField'
                            ]
                        ]
                    ]
                );
                ExtensionManagementUtility::addToAllTCAtypes(
                    'tx_myext_domain_model_member',
                    'tx_cfgoogleauthenticator_enabled,tx_cfgoogleauthenticator_secret',
                    '',
                    'after:password' // Add the 2FA after our custom field "password"
                );
            }
        );
    }

This effectively shows the 2FA fields. Now, in order to work a bit further and prevent anyone from disabling 2FA for some arbitrary user w/o providing a proper code, we need to extend your method \CodeFareith\CfGoogleAuthenticator\Handler\GoogleAuthenticatorSetupHandler::isUsersTable() so that the custom members table is considered a "users" table as well.
This is something that can easily be done with a hook there.
I already have a working solution so that the "TCA" part of this feature request is ready. However I know that I will need to somehow invoke your authentication code in my own authentication service and thus I suggest that this ticket is really about implementing support from A to Z and I will possibly suggest some (hopefully) minor additional changes to your extension to support this use case.
Saving a BE user record does not update the fields tx_cfgoogleauthenticator_enabled and tx_cfgoogleauthenticator_secret.
The Enable Google Authenticator field stays checked
The Enable Google Authenticator field is not checked, the fields tx_cfgoogleauthenticator_enabled and tx_cfgoogleauthenticator_secret in the table be_users are not updated.
TYPO3 CMS | 8.7.46 |
DDEV linux container | 1.16.5 |
Nginx | 1.18.0 |
PHP | 7.3.31 |
If I directly update the fields tx_cfgoogleauthenticator_enabled (1) and tx_cfgoogleauthenticator_secret (with the secret key provided when enabling Enable Google Authenticator) in the table be_users, the BE login works as expected when entering the authentication code, so the issue here is that the database is not updated when saving the record and the authentication code is never required.
Cannot activate Google Authenticator for my own backend user account
Go to your backend user settings by clicking "settings" at the top, above "logout"
Every user should be able to activate google authenticator. I cannot do it for 100 people with my admin account.
The tab "Google Authenticator" is shown, but it's empty.
Typo3 8.7.32
Describe the bug
If there is another extension which also uses the use statement
use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
TYPO3 will cause an error after the ext_localconf.php files are concatenated together.
To Reproduce
Steps to reproduce the behavior:
Fatal error: Cannot use TYPO3\CMS\Core\Utility\ExtensionManagementUtility as ExtensionManagementUtility because the name is already in use in /var/cache/code/cache_core/ext_localconf_05e147782991a22d15dff84c7d4bfbf58f60a911.php on line 3587
Frontend User may be related to some other business domain model object as I'm actually using (having a "member" DMO which is mapped to a Backend or a Frontend user from TYPO3 depending on the context).
When the setup controller is being used, thus in the context of a Frontend User, a signal would allow any further processing.
The cache produces an error.
strict_types should be removed from ext_localconf.php
Fatal error: strict_types declaration must be the very first statement in the script in /var/www/html/var/cache/code/cache_core/ext_localconf_9f9d6f92c02010d691198254786d5dfe61eff9c1.php on line 1847
If you try to save the 2FA settings via the frontend while not logged into the backend, the following exception will be thrown:
TypeError
Return value of CodeFareith\CfGoogleAuthenticator\Controller\Frontend\SetupController::getLanguageService() must be an instance of TYPO3\CMS\Core\Localization\LanguageService, null returned
I'm getting a bunch of deprecation notices whenever I try to add/edit a be_user and I can't enable the checkbox provided by this extension.
TYPO3 Deprecation Notice
Core: Error handler (BE): TYPO3 Deprecation Notice: CodeFareith\CfGoogleAuthenticator\Traits\GeneralUtilityObjectManager will be removed in v1.2.0. in /var/www/html/web/typo3conf/ext/cf_google_authenticator/Classes/Traits/GeneralUtilityObjectManager.php line 39
Also after checking the 2fauth checkbox and saving, TYPO3 backend reloads and the checkbox is unchecked again. I can't properly enable it. Tried including your typoscript template, DB compare but no success.
A checked checkbox that stays checked and activates the 2f auth behavior for the given user.
Unchecked checkbox after checking and saving.
TYPO3 v8.27
If the models FrontendUser and/or BackendUser are extended by a third-party extension, one of the two errors may occur when submitting the 2FA setup forms:
After installing your extension I can't log in with accounts without 2FA.
After searching a bit, it seems that your response codes in the service are not correct.
AUTH_FAIL_AND_PROCEED should be 100 according to the documentation.
Maybe you can check it. Sorry, if it is wrong and my fault, just trying to help ;)
For the authUser() method, you will want to take care about the return values. If your service should be the final authority for authentication, it should not only have a high priority, but also return values which stop the service chain (i.e. a negative value for failed authentication, 200 or more for a successful one). On the other hand, if your service is an alternative authentication, but should fall back on TYPO3 CMS if unavailable, you will want to return 100 on failure, so that the default service can take over.
https://docs.typo3.org/typo3cms/CoreApiReference/latest/ApiOverview/Authentication/Index.html#developing-an-authentication-service
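The return-value rules quoted above, as an added example (not code from this extension or from TYPO3 core): a simplified PHP model of how a chain of authUser() results is evaluated. It shows that a 0 from an early service blocks the login, 100 hands the decision to the next service, and a 200 from an earlier service ends the chain before a second-factor service is asked. The service names, sample return values and the `evaluateAuthChain()` helper are hypothetical.

```php
<?php
declare(strict_types=1);

// Simplified model of authentication service chaining.
// Service names and return values below are constructed sample data.

/**
 * @param array<string,int> $chain service name => authUser() result, in priority order
 * @return array{authenticated: bool, consulted: string[]}
 */
function evaluateAuthChain(array $chain): array
{
    $authenticated = false;
    $consulted = [];
    foreach ($chain as $service => $result) {
        $consulted[] = $service;
        if ($result <= 0) {      // 0 or negative: authentication failed, chain stops
            $authenticated = false;
            break;
        }
        if ($result >= 200) {    // 200 or more: authenticated, chain stops
            $authenticated = true;
            break;
        }
        if ($result < 100) {     // 1..99: authenticated so far, later services still run
            $authenticated = true;
        }
        // 100..199: no decision from this service, the next one takes over
    }
    return ['authenticated' => $authenticated, 'consulted' => $consulted];
}

// Constructed scenarios: each chain is listed in the order the services run.
$cases = [
    'no 2FA set up, OTP service returns 100'       => ['otp' => 100, 'password' => 200],
    'no 2FA set up, OTP service returns 0'         => ['otp' => 0, 'password' => 200],
    'earlier service returns 200, OTP never asked' => ['sso' => 200, 'otp' => 0],
    'wrong OTP code, OTP service runs first'       => ['otp' => 0, 'sso' => 200],
];

foreach ($cases as $label => $chain) {
    $r = evaluateAuthChain($chain);
    printf(
        "%-46s => %s (consulted: %s)\n",
        $label,
        $r['authenticated'] ? 'login' : 'denied',
        implode(', ', $r['consulted'])
    );
}
```

The third scenario is the one to check when combining a second-factor service with another authentication service: the OTP service must be consulted before any service that can return 200 or more.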