Two-factor 0.14.2 works, 0.15.0 doesn’t

  • Imageeppi

    (@edwardpiou)


    2 months ago

    I upgraded Two-factor to version 0.15.0 on multiple sites recently; users were then not able to login using their previously-created 2FA. The error they get when using a code from an authenticator app:

    ERROR: Invalid verification code.

    Reverting to 0.14.2, logging in works again. Using PHP version 8.4.18, WordPress 6.9.1.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Imagestudiobrabo

    (@studiobrabo)

    1 month, 3 weeks ago

    We are experiencing the same issue on one of our sites. However, other sites using the same technology are working correctly with version 0.15.

    Plugin Author ImageJeffrey Paul

    (@jeffpaul)

    1 month, 3 weeks ago

    Can either of you provide more information about your WP setup so we can try and better triage?

    Imagestudiobrabo

    (@studiobrabo)

    1 month, 3 weeks ago

    @jeffpaul I would love too but as I mentioned the update works on all sites except this one. The setups are almost identical so it must be because of a small different.

    One thing I can think of is that this site is using a WPML setup with multiple domain names.

    Your WordPress version is up to date (6.9.1)

    Your PHP version is secured (8.3.23)

    Thread Starter Imageeppi

    (@edwardpiou)

    1 month, 3 weeks ago

    WordPress 6.9.1, PHP 8.4.18, MariaDB 11.8.6, Apache 2.4.66, running on FreeBSD 14.3

    I tested things by disabling all plugins except Two Factor, and switching the theme to Twenty Twenty-Five, and the error persisted for Two Factor 0.15.0.

    Here are the relevant two-factor database entries for one of the users, anonymized (some info replaced with *s):

    | _two_factor_fido_u2f_register_request  | O:29:"u2flib_server\RegisterRequest":3:{s:7:"version";s:6:"U2F_V2";s:9:"challenge";s:43:"*******************************************";s:5:"appId";s:34:"https://example.com";} |
    | _two_factor_totp_key                   | ************************** |
    | _two_factor_enabled_providers          | a:1:{i:1;s:15:"Two_Factor_Totp";} |
    | _two_factor_totp_last_successful_login | 1770775320 |
    | _two_factor_provider                   | Two_Factor_Totp |
    | _two_factor_last_login_failure         | 1771981209 |
    | _two_factor_failed_login_attempts      | 7 |
    | _two_factor_nonce                      | a:2:{s:10:"expiration";i:1771981844;s:3:"key";s:32:"********************************";} |

    No problems showing up in the server logs.

    • This reply was modified 1 month, 3 weeks ago by Imageeppi.
    Imagetherab

    (@therab)

    1 month, 3 weeks ago

    On our system, we see constant login dialogs now, after each and every click in the admin.
    That’s really bad. Makes the system unusable. No error in the logs, but this behaviour is a bug.
    V 0.15.0

    Imagestudiobrabo

    (@studiobrabo)

    3 weeks, 1 day ago

    I have update to version 0.16.0 but the problem remains on one site. After every inlog you see the admin screen but the second link you click you have been logged out.

    ImageHanns

    (@hannsn)

    2 weeks, 5 days ago

    Same for us, after successful login, every second click logs us out.

    We too are using WPML setup with multiple domain names.
    Maybe this is the problem.

    The version 0.14.2 is working.

    Plugin Contributor ImageBrian Haas

    (@masteradhoc)

    2 weeks, 4 days ago

    @therab @edwardpiou any chance your also using a multi-domain / multi-language setup with WPML or a similar plugin?

    Thread Starter Imageeppi

    (@edwardpiou)

    2 weeks, 4 days ago

    Nope, not using multi-domain/multi-language in general. Also, as noted, the problem still happened when I deactivated all plugins and switched to the Twenty Twenty-Five theme.

Viewing 9 replies - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.