Description
I have just installed Roundcube and the alexandregz/twofactor_gauthenticator.
First of all, Thank you for doing this, I love fact that I am able to have this functionality, Thanks to you..
To test the 2FA functionality, 2FA is set to be required for everyone and without a whitelist applied.
-
I try to log in, with my real account details...
-
Then, if I click the Back Button - Go backwards one Page - on Firefox:
-
Then I get this page, which seems like a Crash, but at the same time the website seems to tell me that everything is fine.
-
"For your protection, access to this resource is secured against CSRF." - so sounds like my data was protected.
-
"If you see this, you probably didn't log out before leaving the web application." - I thought I didn't even log in, because I got the 2FA code wrong.
-
"Human interaction is now required to continue." ??
-
"Please contact your server administrator." - so is there a problem?
-
The website looks as it had just been logged into, but at the same time login has failed somehow.
-
The [Dark Mode] Button works, as of toggles the website between Dark Mode and Light Mode.
-
The [Logout] Button makes it look as if I had just logged out, by clicking it. But of course I thought I wasn't logged in.
-
The [Compose], [Mail], [Contacts] & [Settings] Buttons all terminate this "broken" looking state and put me back to the login page, by saying: "Your session is invalid or has expired.".
Not sure if this should be a question to the people who maintain the Roundcube Code, or a question to you the creator of this 2FA Plugin, but the question is :
Is there anything to worry about regarding the above behaviour?
Roundcube version 1.6.8
Thank you very much, I really appreciate the work that has gone into all of this, the Roundcube Webmail & this 2FA plugin both.
Andras
Activity
EpeR1 commentedon Jan 28, 2025
Try to add
$rcmail = rcmail::get_instance();
to twofactor_gauthenticator.php in line 544.#216 (comment)
Like:
Fix error in __logError