I don't actually know if this is an Issue, but looks a bit like a crash... #207

Closed
@andrasdee

Description

I have just installed Roundcube and the alexandregz/twofactor_gauthenticator.
First of all, thank you for doing this. I love the fact that I am able to have this functionality, thanks to you.

To test the 2FA functionality, 2FA is set to be required for everyone and without a whitelist applied.

  1. I am logged out:

  2. I try to log in, with my real account details...

  3. Then I am asked to provide the 2FA Code:

  4. If I get it wrong:

  5. Then, if I click the Back Button - Go backwards one Page - on Firefox:

  6. Then if I click Try Again:

  7. Then if I Click Resend:

  8. Then I get this page, which seems like a Crash, but at the same time the website seems to tell me that everything is fine.

  • "For your protection, access to this resource is secured against CSRF." - so sounds like my data was protected.

  • "If you see this, you probably didn't log out before leaving the web application." - I thought I didn't even log in, because I got the 2FA code wrong.

  • "Human interaction is now required to continue." ??

  • "Please contact your server administrator." - so is there a problem?

  • The website looks as if it had just been logged into, but at the same time login has failed somehow.

  • The [Dark Mode] Button works, as in it toggles the website between Dark Mode and Light Mode.

  • The [About] Button opens up another sub-session of login:

  • The [Logout] Button makes it look as if I had just logged out, by clicking it. But of course I thought I wasn't logged in.

  • The [Compose], [Mail], [Contacts] & [Settings] Buttons all terminate this "broken" looking state and put me back to the login page, by saying: "Your session is invalid or has expired.".

Not sure if this should be a question to the people who maintain the Roundcube Code, or a question to you, the creator of this 2FA Plugin, but the question is:
Is there anything to worry about regarding the above behaviour?

Roundcube version 1.6.8

Thank you very much, I really appreciate the work that has gone into all of this, the Roundcube Webmail & this 2FA plugin both.
Andras

Activity

EpeR1 commented on Jan 28, 2025

Try to add `$rcmail = rcmail::get_instance();` to twofactor_gauthenticator.php in line 544.
#216 (comment)
Like:

```php
  // log error into $_logs_file directory
  private function __logError()
  {
    // fetch the Roundcube instance locally so that $rcmail is defined in this method
    $rcmail = rcmail::get_instance();
    $_log_dir = $rcmail->config->get('log_dir');
    // one line per failed attempt: timestamp|X-Forwarded-For|REMOTE_ADDR
    file_put_contents($_log_dir.'/'.$this->_logs_file, date("Y-m-d H:i:s")."|".$_SERVER['HTTP_X_FORWARDED_FOR']."|".$_SERVER['REMOTE_ADDR']."\n", FILE_APPEND);
  }
```

added a commit that references this issue on Feb 19, 2025
cd83a20
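
A hardened variant of the failed-2FA log line from the comment above, added here as an example and not the plugin's own code: it tolerates a missing `X-Forwarded-For` header and keeps only syntactically valid IP addresses from it, since that header is client-controlled and is written into a `|`-delimited log. The function names `format_failed_2fa_line` and `log_failed_2fa` and the sample requests are hypothetical; the `date|forwarded|remote` layout is assumed from the snippet above.

```php
<?php
declare(strict_types=1);

/**
 * Build one "date|forwarded|remote" line in the layout used by the snippet
 * above. X-Forwarded-For is client-controlled, so only syntactically valid
 * IP addresses from it are kept; anything else is dropped.
 */
function format_failed_2fa_line(array $server, string $now): string
{
    $forwarded = [];
    // The header may be absent, or carry a comma-separated proxy chain.
    foreach (explode(',', (string)($server['HTTP_X_FORWARDED_FOR'] ?? '')) as $hop) {
        $hop = trim($hop);
        if ($hop !== '' && filter_var($hop, FILTER_VALIDATE_IP) !== false) {
            $forwarded[] = $hop;
        }
    }
    $remote = (string)($server['REMOTE_ADDR'] ?? '');
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        $remote = '-';
    }
    $chain = $forwarded ? implode(',', $forwarded) : '-';
    return $now . '|' . $chain . '|' . $remote . "\n";
}

function log_failed_2fa(string $logFile, array $server): bool
{
    $line = format_failed_2fa_line($server, date('Y-m-d H:i:s'));
    // LOCK_EX keeps concurrent failed logins from interleaving their lines.
    return file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Constructed sample requests (not taken from the issue).
$samples = [
    // direct connection, no proxy header
    ['REMOTE_ADDR' => '203.0.113.7'],
    // request relayed through a proxy chain
    ['REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED_FOR' => '198.51.100.4, 10.0.0.1'],
    // header value that tries to forge an extra log line
    ['REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED_FOR' => "192.0.2.1|x\r\n2025-01-01 00:00:00|a|b"],
];
$logFile = tempnam(sys_get_temp_dir(), '2fa_');
foreach ($samples as $sample) {
    log_failed_2fa($logFile, $sample);
}
echo file_get_contents($logFile);
unlink($logFile);
```

Run from the command line with `php`, it writes three lines to a temporary file and prints them; the forged header in the last sample is reduced to `-` instead of producing extra fields or lines.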