minagerges / modx-googleauthenticatorx
Add 2-factor authentication to MODX manager login.
License: GNU General Public License v3.0
Several times the code makes calls to the log. However, as of PHP greater than v7.3.x this will result in errors.
The solution is to have the debug, warn, info and error statements all set as literals: 'debug', 'warn', 'info', 'error'.
Provide error log: PHP warning: Use of undefined constant warn - assumed 'warn' (this will throw an Error in a future version of PHP)
If you wish to delete the manage URL from the URI, you have to alter both the PHP class and the snippet GAxUserQRCode
Include "authentication key" field in manager log-in popup windows.
When MODX is installed in a subdirectory the URL duplicates the subdirectory part:
otpauth://totp/admin::http://localhost/revo231//revo231/working/?secret=H5BOBZZ2F7PUJ5RI&issuer=Revo+2.3.1+Local...
Note the extra /revo231/ in there. I had my "manager" folder renamed to "working" in this installation.
Several calls to $this->log() in googleauthenticator.class.php use unquoted strings for the first argument.
This causes the following PHP Warning to be thrown in PHP >=7.4 when a log is attempted:
PHP warning: Use of undefined constant debug - assumed 'debug' (this will throw an Error in a future version of PHP)
Line | Code |
---|---|
70 | $this->log(warn, $msg); |
80 | $this->log(error, $msg); |
96 | $this->log(error, $msg); |
102 | $this->log(debug, $msg); |
111 | $this->log(warn, "No user was found with ID:$userid"); |
119 | $this->log(debug, "Loading user by name:($username)"); |
128 | $this->log(warn, "No user was found with name:($username)"); |
156 | $this->log(error, "Invalid stored IV, for user:({$this->UserName}) id:{$this->UserID}"); |
162 | $this->log(error, "Invalid secret for user:({$this->UserName}) id:{$this->UserID}"); |
169 | $this->log(debug, "Data loaded for user:({$this->UserName}) id:{$this->UserID}"); |
172 | $this->log(error, "No Google Authenticator data were found for user:({$this->UserName}) id:{$this->UserID}"); |
182 | $this->log(debug, "Not a valid secret:$secret for user:({$this->UserName}) id:{$this->UserID}"); |
194 | $this->log(debug, "Settings saved for user:({$this->UserName}) id:{$this->UserID}"); |
198 | $this->log(debug, "Creating new default settings for user:({$this->UserName}) id:{$this->UserID}"); |
224 | $this->log(info, "gax_disabled usersetting loaded for user:({$this->UserName}) id:{$this->UserID}"); |
236 | $this->log(info, "gax_courtesy_enabled usersetting loaded with value {$usersettings['gax_courtesy_enabled']} for user:({$this->UserName}) id:{$this->UserID}"); |
240 | $this->log(debug, "Applying Global Courtesy logging value:{$GlobalCourtesyStatus}"); |
247 | $this->log(info, "User is in courtesy mode - user:({$this->UserName}) id:{$this->UserID}"); |
256 | $this->log(info, "Resetting courtesy status - user:({$this->UserName}) id:{$this->UserID}"); |
266 | $this->log(info, "Creating gax_disabled userSetting - user:({$this->UserName}) id:{$this->UserID}"); |
277 | $this->log(info, "Changing gax_disabled userSetting to:($status) - user:({$this->UserName}) id:{$this->UserID}"); |
325 | $this->log(error, 'Created encryption key in system settings!'); |
330 | $this->log(error, 'Invalid encryption key in system settings! Value was reset.'); |
Replace the first argument in each function call with a quoted string.
This would be consistent with the only other function call in the class (Line 47: $this->log('error', 'Invalid encryption key returned by "getOption", validating global setting...');).
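The fix requested in this report and in the earlier one about log calls can be applied mechanically. The following is an added example, not code from the extra: the names gaxQuoteLogLevels, GAX_LOG_LEVELS and quote_levels.php are hypothetical, and the sample input is assembled from lines quoted in the issue.

```php
<?php
// Added example, not part of the extra: quote bare log levels such as
// $this->log(warn, $msg) so they become $this->log('warn', $msg).

// Level names taken from the issue text (hypothetical constant name).
const GAX_LOG_LEVELS = ['debug', 'info', 'warn', 'error'];

/**
 * Return $source with every bare level argument quoted.
 * $count receives the number of calls that were rewritten.
 */
function gaxQuoteLogLevels(string $source, ?int &$count = null): string
{
    $levels = implode('|', GAX_LOG_LEVELS);
    // Group 2 must be a bare word directly followed by a comma, so calls that
    // already pass a quoted level or a variable are left untouched.
    $pattern = '/(\$this->log\(\s*)(' . $levels . ')(\s*,)/';
    $result = preg_replace($pattern, '$1\'$2\'$3', $source, -1, $count);
    if ($result === null) {
        throw new RuntimeException('preg_replace failed, code ' . preg_last_error());
    }
    return $result;
}

// Sample input assembled from lines quoted in the issue (lines 47, 70, 111).
$sample = <<<'PHP'
$this->log('error', 'Invalid encryption key returned by "getOption", validating global setting...');
$this->log(warn, $msg);
$this->log(warn, "No user was found with ID:$userid");
PHP;

// Usage: php quote_levels.php [path/to/googleauthenticator.class.php]
// Prints the rewritten source to stdout; the input file is not modified.
$source = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
if ($source === false) {
    fwrite(STDERR, "Cannot read {$argv[1]}\n");
    exit(1);
}
echo gaxQuoteLogLevels($source, $count), "\n";
fwrite(STDERR, "Rewrote $count call(s)\n");
```

Review the output as a diff against the original class before replacing it, since the rewrite touches the code path that runs during manager login.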
When I scan the code with Google Authenticator on iPhone 6+ I get an error message:
The barcode 'otpauth://totp/admin2::http://abc.com/manager/?secret=GX43RANDOM&issuer=MODx Revolution' is not a valid authentication token barcode.
schema required.
Non sudo users with permission to control users should be able to reset & get users secrets.
Change encryption cipher to a stronger one.
TODO: Re-encrypt data in DB during update.
Users retrieve qr-code processor must validate (InCourtesy || 'gax_profile_enabled')
Store QR-code locally.
Create QR-codes locally instead of depending on Google API!!
I've been testing this extra on MODX 3.0.3
It seems to install OK and works to a point.
However, as far as I can see the QR code is either not generated or not displayed for the user and there is therefore no way to set up the authenticator app.
I'd love to see this extra working on MODX3.
Add option during installation to email users about the new log-in procedure.
Add a text field system setting to allow admin to override the issuer value.
Log important changes to manager-actions.
Include "Authentication key" in manager log-in page in lexicon.
QR codes generated using the following API are no longer working; apparently Google marked the API as deprecated in 2012 and in Jan 2024 started phasing it out.
https://chart.googleapis.com/chart
Suggest migrating to an alternative such as:
https://qrcode.tec-it.com/
When an admin opens a user profile and clicks reset secret, all of the user's extended fields are wiped.
Attention: If you have other data stored in "Extended Fields" do not reset user secret.
This will be fixed in next release ASAP.
As the underlying process is the same, I tested this extra with the Microsoft Authenticator app on Android.
And it works flawlessly.
Tested on:
It could be useful if this Extra mentioned this compatibility (or even changed its name).
I've been using MODX-GoogleAuthenticatorX for a while now and it has been working very well. However, earlier today I had to upgrade MODx to 2.5.6-pl, so I went into settings and disabled the authentication, ran the upgrade (which went fine), logged in and re-enabled the authentication.
I now can't log in at all. I keep getting the "Invalid authentication key." error.
I signed into the database remotely and changed the gax_disabled setting to 1, in the hope of being able to log in but that didn't work either and the Authentication Key field is still visible on the login form and I have verified that the setting is definitely 1.