View Issue Details

IDProjectCategoryView StatusLast Update
15265Bug reports[All Projects] Pluginspublic2019-10-18 10:08
ReporterPPRI Assigned Toeddylackmann  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version3.17.x 
Target VersionFixed in Version 
Summary15265: 2FA is not working on Limesurvey CE with a downloaded plug-in
Description

I am using both Limesurvey Professional(Hosted Service by Limesurvey) and Limesurvey CE( installed on our server). 2FA is working fine on Limesurvey Professional but it's not working as expected on Limesurvery CE after installing 2FA plug-in download version 1.0.1, which was released on 2019-05-22.

Steps To Reproduce

After downloading a 2FA plug-in, I coped a whole upzipped folder under the plugins folder on my instance. 2FA Personal settings --> Register 2FA now --> barcode scanned --> confirmationKey typed in -> Click 'Create 2FA binding. After this, no responding at all.

I tried Google Authenticator and Duo but same, both no response after clicking Create 2FA binding.

TagsNo tags attached.
Complete LimeSurvey version number (& build)Version 3.17.16+190906
I will donate to the project if issue is resolvedNo
BrowserGoogle Chrome
Database & DB-Version359
Server OS (if known)Windows Server 2016
Webserver software & version (if known)IIS 10
PHP Version7.3.9

Activities

cdorin

cdorin

2019-09-12 12:05

manager   ~53560

Using master now + Ubuntu 18.04 . Could not reproduce it.

Did you do it for superadmin? or another user?

Perhaps someone with a Windows server can also try it.

I will ping @markusfluer here.

PPRI

PPRI

2019-09-12 23:11

reporter   ~53562

I tried it as a superadmin.

jljansen

jljansen

2019-09-13 15:10

reporter   ~53567

I've tested it on Limesurvey version 3.17.13+190824 (ubuntu 16.04, Apache & MariaDB) with plugin version 1.0.1.

"Register 2FA Now" gives the layover. Both tested with google authenticator en authy in combination with the qr code. If I enter the codes (generated by the apps) it's posted to
domainexample.com/index.php/plugins/direct?plugin=TwoFactorAdminLogin&function=directCallConfirmKey
with the response:
For admin user: {"success":false,"message":"The confirmation key is not correct.","data":[]}
For regular user: {"success":false,"message":"No permission for this","data":[]}

Happy to help you further test this but no idea how to further debug.

PPRI

PPRI

2019-09-13 17:18

reporter   ~53568

In my case, after clicking 'Create 2FA binding', the circling icon shows up in a second and stop then nothing happens. It doesn't matter with a correct or wrong key value. It seems like not communicating at all with the App to verify the conformation key.

jljansen

jljansen

2019-09-15 20:54

reporter   ~53574

@PPRI
I also do not see anything in the browser. But via the inspector you can see your request and the server response. It gives a http 200 json response with the above messages.
So in chrome or firefox press F12 to load inspector. Click on the network tab than submit your security code. You'll see your request in response in the network tab!

PPRI

PPRI

2019-09-18 18:00

reporter   ~53644

It seems like 2FA is not working with Limesurvey Version 3.17.16. 2FA was working on Limesurvey Professional hosting service when it had a previous version. Now it has been upgraded to 3.1.7.16 and it is NOT working on it either.

eddylackmann

eddylackmann

2019-09-23 15:02

developer  

Error.JPG (80,997 bytes)
Error.JPG (80,997 bytes)
eddylackmann

eddylackmann

2019-09-23 15:03

developer   ~53685

Actually the QRCode can't be create. No response from the http Request. I will take a look !!

eddylackmann

eddylackmann

2019-09-23 15:28

developer   ~53686

@PPRI after installing the GD library for php it seems to work. I can log in without problem . Authy & Google Auth work well .
Please verify if the GD library for PHP is installed!!

DenisChenu

DenisChenu

2019-09-23 15:57

developer   ~53687

Then 2FA must check GD library in https://manual.limesurvey.org/BeforeActivate :)

eddylackmann

eddylackmann

2019-09-24 12:12

developer   ~53696

@DenisChenu Yes!! sure ! But i want @PPRI to confirm me that gd Library was the issue !! @PPRI can you please check if the library is installed ? :)

jljansen

jljansen

2019-09-24 12:21

reporter   ~53697

For me the GD is not the problem. I can see QR code.
GD 2.1.1 is installed and all other image (such as response diagrams etc) are all working.

eddylackmann

eddylackmann

2019-09-24 12:35

developer   ~53698

@jljansen I try it with LS Version 3.17.13 and 3.17.16 and its seems to work fine. Maybe cleanup / uninstall the plugin and reinstall it !!

eddylackmann

eddylackmann

2019-09-30 17:05

developer   ~53787

@jljansen did you test it?

jljansen

jljansen

2019-09-30 21:40

reporter   ~53791

@eddylackmann thx for the reminder.
Updated from version 3.17.13+190824 to 3.18.0+190923.
Disabled the plugin and checked the settings. Noticed that sha1 is the default and decided to test this setting just to be sure! And it works. Tested it with Google Authenticator and Authy!

So algorithm setting with SHA256 gives the problems described by me above!

PPRI

PPRI

2019-09-30 22:44

reporter   ~53793

@eddylackmann I have GD library installed already and I don't see any problem to see/have a GR code.

@jljansen I tried all three algorithm settings but unfortunately no luck to me at all. :-(

eddylackmann

eddylackmann

2019-10-01 18:01

developer   ~53812

@jljansen Google Authentificator doen't support SHA256 now.
@PPRI I think there are somes issue with your installation of LS. I make 4 Installations of LS with different version (also different version of php ) and it works.

PPRI

PPRI

2019-10-01 21:14

reporter   ~53817

@eddylackmann My result is exactly same with jljansen described above.
For admin user: {"success":false,"message":"The confirmation key is not correct.","data":[]}

2FA didn't work at the Limesurvey hosting service either on Sept. 18 when it had Version 3.17.16 before as I mentioned above and I saw it has been upgraded to 3.18.0 now and it's working again on me. Now mine has 3.18.0 also but it is still not working.

I have been using ComfortUpdate and didn't have any problem with my installation setting until this issue. Do you have any suggestion I can check it out what' wrong with my installation?

2FA become required in my organization so I really need to make it works. Any suggestion will be appreciated. Thanks

eddylackmann

eddylackmann

2019-10-02 17:48

developer   ~53859

@PPRI can you please send me the configuration page of your 2FA plugin ?



2FA.JPG (71,353 bytes)
2FA.JPG (71,353 bytes)
PPRI

PPRI

2019-10-02 17:50

reporter   ~53860

@eddylackmann My configuration setting is exactly same with your screenshot.

eddylackmann

eddylackmann

2019-10-04 09:32

developer   ~53875

@PPRI can you please write me an email at eddy.lackmann@limesurvey.org?

jljansen

jljansen

2019-10-10 12:38

reporter   ~53983

Unfortunately for me it only works with an admin account.
When I enforce 2FA via plugins a regular users gets a JSON respons: {"success":false,"message":"No permission for this","data":[]} when validating his confirmationKey (direct?plugin=TwoFactorAdminLogin&function=directCallConfirmKey)!

I'm not sure if this is an different issue since it might be related to rights.

eddylackmann

eddylackmann

2019-10-10 12:50

developer   ~53984

@jljansen I will check the permissions !

eddylackmann

eddylackmann

2019-10-10 15:12

developer   ~53987

Last edited: 2019-10-10 15:15

View 2 revisions

@PPRI & @jljansen we found some issues in the plugin and fixed it . We will release a new version of the plugin next week !!

  • Permission problems fixed (2FA works for all users)
  • Encryption problems fixed

Thank you :)

eddylackmann

eddylackmann

2019-10-10 15:36

developer   ~53988

Latest version of the plugin is now available https://www.limesurvey.org/limestore/extensiondetails/49/plugin/two-factor-administration-login

jljansen

jljansen

2019-10-10 21:30

reporter   ~53995

Thank you @edylackmann
I've tested with limesurvey version 3.19.1+191009 with de new version of the plugin.
I can confirm that with SHA1 both authy and google authenticator are working correctly for admin and regular user.

When I set the algorithm to sha256 it does not work with the json response that confirmationKey is not correct.

eddylackmann

eddylackmann

2019-10-10 21:35

developer   ~53996

@jljansen google auth and authy still not support sha256.. Did you really need the sha256 encryption ?

jljansen

jljansen

2019-10-10 21:38

reporter   ~53997

@eddylackmann no I don't need it but I tested it since the encryption problems are fixed.
Clear why it does not work for me (GA & authy)

Thanks a lot :)

eddylackmann

eddylackmann

2019-10-17 11:05

developer   ~54075

@PPRI did the new plugin fixed your issue ?

Issue History

Date Modified Username Field Change
2019-09-10 23:46 PPRI New Issue
2019-09-11 18:02 cdorin Assigned To => cdorin
2019-09-11 18:02 cdorin Status new => assigned
2019-09-12 12:05 cdorin Note Added: 53560
2019-09-12 23:11 PPRI Note Added: 53562
2019-09-13 15:10 jljansen Note Added: 53567
2019-09-13 17:18 PPRI Note Added: 53568
2019-09-15 20:54 jljansen Note Added: 53574
2019-09-18 18:00 PPRI Note Added: 53644
2019-09-23 13:03 eddylackmann Assigned To cdorin => eddylackmann
2019-09-23 15:01 eddylackmann Status assigned => confirmed
2019-09-23 15:02 eddylackmann File Added: Error.JPG
2019-09-23 15:03 eddylackmann Note Added: 53685
2019-09-23 15:28 eddylackmann Status confirmed => feedback
2019-09-23 15:28 eddylackmann Note Added: 53686
2019-09-23 15:57 DenisChenu Note Added: 53687
2019-09-24 12:12 eddylackmann Note Added: 53696
2019-09-24 12:21 jljansen Note Added: 53697
2019-09-24 12:35 eddylackmann Note Added: 53698
2019-09-30 17:05 eddylackmann Note Added: 53787
2019-09-30 21:40 jljansen Note Added: 53791
2019-09-30 22:44 PPRI Note Added: 53793
2019-09-30 22:44 PPRI Status feedback => assigned
2019-10-01 18:01 eddylackmann Note Added: 53812
2019-10-01 21:14 PPRI Note Added: 53817
2019-10-02 17:47 eddylackmann Status assigned => feedback
2019-10-02 17:48 eddylackmann File Added: 2FA.JPG
2019-10-02 17:48 eddylackmann Note Added: 53859
2019-10-02 17:50 PPRI Note Added: 53860
2019-10-02 17:50 PPRI Status feedback => assigned
2019-10-04 09:32 eddylackmann Note Added: 53875
2019-10-10 12:38 jljansen Note Added: 53983
2019-10-10 12:50 eddylackmann Note Added: 53984
2019-10-10 15:12 eddylackmann Note Added: 53987
2019-10-10 15:15 eddylackmann Note Edited: 53987 View Revisions
2019-10-10 15:36 eddylackmann Note Added: 53988
2019-10-10 15:37 eddylackmann Status assigned => testing
2019-10-10 21:30 jljansen Note Added: 53995
2019-10-10 21:35 eddylackmann Note Added: 53996
2019-10-10 21:38 jljansen Note Added: 53997
2019-10-17 11:05 eddylackmann Note Added: 54075
2019-10-18 10:08 eddylackmann Status testing => resolved
2019-10-18 10:08 eddylackmann Resolution open => fixed
2019-10-18 10:08 eddylackmann Status resolved => closed