Using master now + Ubuntu 18.04 . Could not reproduce it.

Did you do it for superadmin? or another user?

Perhaps someone with a Windows server can also try it.

I will ping @markusfluer here.

I tried it as a superadmin.

I've tested it on Limesurvey version 3.17.13+190824 (ubuntu 16.04, Apache & MariaDB) with plugin version 1.0.1.

"Register 2FA Now" gives the layover. Both tested with google authenticator en authy in combination with the qr code. If I enter the codes (generated by the apps) it's posted to
domainexample.com/index.php/plugins/direct?plugin=TwoFactorAdminLogin&function=directCallConfirmKey
with the response:
For admin user: {"success":false,"message":"The confirmation key is not correct.","data":[]}
For regular user: {"success":false,"message":"No permission for this","data":[]}

Happy to help you further test this but no idea how to further debug.

In my case, after clicking 'Create 2FA binding', the circling icon shows up in a second and stop then nothing happens. It doesn't matter with a correct or wrong key value. It seems like not communicating at all with the App to verify the conformation key.

@PPRI
I also do not see anything in the browser. But via the inspector you can see your request and the server response. It gives a http 200 json response with the above messages.
So in chrome or firefox press F12 to load inspector. Click on the network tab than submit your security code. You'll see your request in response in the network tab!

It seems like 2FA is not working with Limesurvey Version 3.17.16. 2FA was working on Limesurvey Professional hosting service when it had a previous version. Now it has been upgraded to 3.1.7.16 and it is NOT working on it either.

Actually the QRCode can't be create. No response from the http Request. I will take a look !!

@PPRI after installing the GD library for php it seems to work. I can log in without problem . Authy & Google Auth work well .
Please verify if the GD library for PHP is installed!!

Then 2FA must check GD library in https://manual.limesurvey.org/BeforeActivate :)

@DenisChenu Yes!! sure ! But i want @PPRI to confirm me that gd Library was the issue !! @PPRI can you please check if the library is installed ? :)

For me the GD is not the problem. I can see QR code.
GD 2.1.1 is installed and all other image (such as response diagrams etc) are all working.

@jljansen I try it with LS Version 3.17.13 and 3.17.16 and its seems to work fine. Maybe cleanup / uninstall the plugin and reinstall it !!

@jljansen did you test it?

@eddylackmann thx for the reminder.
Updated from version 3.17.13+190824 to 3.18.0+190923.
Disabled the plugin and checked the settings. Noticed that sha1 is the default and decided to test this setting just to be sure! And it works. Tested it with Google Authenticator and Authy!

So algorithm setting with SHA256 gives the problems described by me above!

@eddylackmann I have GD library installed already and I don't see any problem to see/have a GR code.

@jljansen I tried all three algorithm settings but unfortunately no luck to me at all. :-(

@jljansen Google Authentificator doen't support SHA256 now.
@PPRI I think there are somes issue with your installation of LS. I make 4 Installations of LS with different version (also different version of php ) and it works.

@eddylackmann My result is exactly same with jljansen described above.
For admin user: {"success":false,"message":"The confirmation key is not correct.","data":[]}

2FA didn't work at the Limesurvey hosting service either on Sept. 18 when it had Version 3.17.16 before as I mentioned above and I saw it has been upgraded to 3.18.0 now and it's working again on me. Now mine has 3.18.0 also but it is still not working.

I have been using ComfortUpdate and didn't have any problem with my installation setting until this issue. Do you have any suggestion I can check it out what' wrong with my installation?

2FA become required in my organization so I really need to make it works. Any suggestion will be appreciated. Thanks

@PPRI can you please send me the configuration page of your 2FA plugin ?

2FA.JPG (71,353 bytes)   

2FA.JPG (71,353 bytes)   

@eddylackmann My configuration setting is exactly same with your screenshot.

@PPRI can you please write me an email at eddy.lackmann@limesurvey.org?

Unfortunately for me it only works with an admin account.
When I enforce 2FA via plugins a regular users gets a JSON respons: {"success":false,"message":"No permission for this","data":[]} when validating his confirmationKey (direct?plugin=TwoFactorAdminLogin&function=directCallConfirmKey)!

I'm not sure if this is an different issue since it might be related to rights.

@jljansen I will check the permissions !

@PPRI & @jljansen we found some issues in the plugin and fixed it . We will release a new version of the plugin next week !!

• Permission problems fixed (2FA works for all users)
• Encryption problems fixed

Thank you :)

Latest version of the plugin is now available https://www.limesurvey.org/limestore/extensiondetails/49/plugin/two-factor-administration-login

Thank you @edylackmann
I've tested with limesurvey version 3.19.1+191009 with de new version of the plugin.
I can confirm that with SHA1 both authy and google authenticator are working correctly for admin and regular user.

When I set the algorithm to sha256 it does not work with the json response that confirmationKey is not correct.

@jljansen google auth and authy still not support sha256.. Did you really need the sha256 encryption ?

@eddylackmann no I don't need it but I tested it since the encryption problems are fixed.
Clear why it does not work for me (GA & authy)

Thanks a lot :)

@PPRI did the new plugin fixed your issue ?