Support

Admin Tools

#13908 Two-Factor Auth do not stop to login...

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by user9198 on Saturday, 20 October 2012 02:25 CDT

Saturday, 20 October 2012 01:45 CDT

user9198
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? YES
Have I searched the tickets before posting? YES
Have I read the documentation before posting (which pages?)? YES
Joomla! version: 2.5.7
PHP version: 5.3.2-1ubuntu4.18 (production) + 5.3.2 (locally)
MySQL version: 5.1.61-0ubuntu0.10.04.1 (production) - 5.1.46 (locally)
Host: Gigas.com (CGI/FastCGI/fcgid_mod) + Joomlas2Go! Multisite Pack (locally)
Admin Tools version: rev5464ADE (production) + 2.4.0 (locally)

Description of my issue:
SCENARIO: Two-Factor Authtentication enabled on both servers (same site built-in inside each one)
HOW TO REPRODUCE THE REPORTED ISSUE: - Go to backend and login with username & password leaving 'blank' and untouched the Security Code' field and hit 'Enter'... Then you will access your Backend Area without problem.
Note: If you enter a wrong code, then will not get access
CONCLUSION: Two-Factor Auth is not adding additional protection if 'security code' code filed is ignored when login at the backend area.

Hope this helps,
Rgrds,

Saturday, 20 October 2012 01:53 CDT

nicholas
Status: Cannot replicate / not a bug

Test methodology: Blank Joomla! 2.5.7 installation with default sample content. Admin Tools Professional 2.4.0 was freshly installed on the site. Two-Factor Authentication set up as per documentation instructions. Log off from the site. In the login page a valid username/password was entered and the Security Code left blank. Hitting ENTER in ay of the three fields or clicking on the Login button results in the user being redirected back to the site's front page. Doing the same but also entering an invalid Security Code has the same results. Doing the same but entering a valid Security Code allows log in.

Perhaps you have to retry installing Admin Tools Professional?

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 20 October 2012 01:54 CDT

nicholas
PS: Two factor authentication may not work with non-standard templates or when specific system plugins override the login procedure used by Joomla!. Since you are using a multi-site solution I'd guess that it's using either a core hack or a set of system plugins to override Joomla!'s login procedure, causing this issue.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 20 October 2012 02:06 CDT

user9198
- Re-installed now (twice) on production and locally same versions a s reported earlier.
- Isssue not solved.
- Backend template: Mission Control (both sites)
>> Seems there is no other way that to create a new . temp. SU on my 'real' procution site to allow you the login leaving untouched the Two-Factor 'security Code field.
- I'll email you your temp. SU credentials
Stay tuned
Rgrds,

Saturday, 20 October 2012 02:12 CDT

nicholas
As I said, you are using a multi-site solution. As I said, it probably overrides Joomla!'s user authentication process. As I said, on normal sites (which don't use a third party multi-site solution) my code works. What I haven't said but I am saying now is that I have tested Two Factor Auth with Mission Control and it DOES work.

As a result you have an issue because Admin Tools depends on Joomla!'s user authentication working as Joomla! intended it to work. Since you have a third party solution hijacking the authentication procedure I cannot guarantee that it will work. It is not a bug in Admin Tools. You are simply trying to use it in a setup which is not supported.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 20 October 2012 02:12 CDT

user9198
Two factor authentication may not work with non-standard templates
>> Using RocketTheme MissionControl backend template

or when specific system plugins override the login procedure used by Joomla!
>> No other login procedure enabled

Since you are using a multi-site solution I'd guess that it's using either a core hack or a set of system plugins to override Joomla!'s login procedure, causing this issue.
>> It is not under a mutisite solution and not one core hack is set

Saturday, 20 October 2012 02:13 CDT

nicholas
Sorry, I can't help you. It works on everybody else's site.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 20 October 2012 02:21 CDT

user9198
then ... do you wish to test lomgin in on my backend or... you feel it is not needed?

Saturday, 20 October 2012 02:23 CDT

nicholas
I don't think that there's a point in having login access to that site. It will only tell me that this feature doesn't work on your site. Even if I have FTP access to the site as well all I will be able to do is tell you which system, user or authentication plugin interferes. Is there a point spending an hour to end up telling you what I already know?

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 20 October 2012 02:25 CDT

user9198
Already sent...
Ok! ignore it... I will delete your temp. SU credentials.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!