2-Factor Authentication

[boozhloo2]

Hello,

I've been trying to setup a 2-faction authenticator on the admin panel to no avail. I tried the email, but I'm not receiving any emails. I've setup SMTP using google's SMTP host ssl://smtp.gmail.com on port 465, that didn't work. After a couple of tries, I decided moving to google's authenticator. That didn't work either. What I get after scanning the code & punching in the 6 digit verification code is the following:

The code you entered is invalid (tried a couple of times with different codes)

 

[Basti]

For the email, try the to leave out the ssl:// part, it is setup internally. Also i im not sure out of my head, but i remember our code had issues with ssl, try the tls port instead, 587 i think it was?

regarding the authenticator, can you check if you have any of these functions on your host?
in order of preference
random_bytes
mcrypt_create_iv
openssl_random_pseudo_bytes

quick test, make an empty test.php file and paste. then call this file via browser

<?php

if (function_exists('random_bytes')) {
    echo 'random_bytes';
} elseif (function_exists('mcrypt_create_iv')) {
     echo 'mcrypt_create_iv';
} elseif (function_exists('openssl_random_pseudo_bytes')) {
    echo 'openssl_random_pseudo_bytes';
}
else {
     echo 'none';
}

 

[boozhloo2]

For the email, try the to leave out the ssl:// part, it is setup internally. Also i im not sure out of my head, but i remember our code had issues with ssl, try the tls port instead, 587 i think it was?

regarding the authenticator, can you check if you have any of these functions on your host?
in order of preference
random_bytes
mcrypt_create_iv
openssl_random_pseudo_bytes

quick test, make an empty test.php file and paste. then call this file via browser

<?php

if (function_exists('random_bytes')) {
    echo 'random_bytes';
} elseif (function_exists('mcrypt_create_iv')) {
     echo 'mcrypt_create_iv';
} elseif (function_exists('openssl_random_pseudo_bytes')) {
    echo 'openssl_random_pseudo_bytes';
}
else {
     echo 'none';
}

Thanks for the response Basti! I've tried 2 ports, possibly all 3, not quite sure.. I'll be trying the 587 one again regardless. 465 & 25 I'm sure I've tried, they seemed not to work with visio (unless of course something else is amiss here)

test.php returns "random_bytes"

 

[Basti]

yea, tls ports is usually 587, 25 is usually not used cause its used for relaying and 587 for the actual sending. 25 is often blocked by hosting when used to send mail.
465 does not work, or rather never worked i believe, cause we hardcoded the email script to use tls.
Would be no big change to simply make another setting next to port, to use tls or ssl and make the email script choose it setting based on selection provided. Will add that to our to-do list

Authenticator, good newest php function is enabled.
Can you try authenticator using a test user account? if that one works, admin is bugged ( though it worked fine when it was coded )
If that also not works for users, the issue is somewhere else

 

[boozhloo2]

The authenticator seems to be working for the AP (haven't tried for UCP but I imagine it should be working). The setting of a new password is still bust (pw reset). It doesn't seem to send any emails when users try to reset it.

Current SMTP settings:
smtp.gmail.com (removed "ssl://" part)
my_gmail@gmail.com
my_stmp_password
587 SMTP Port

Double checked for typos and all that. Ports 465 & 587 are open.

 

[Mark]

I just tested the password reset with your exact settings, the function fired as normal, I did get a warning from Gmail that they blocked the request. But once I approved it the password reset email came through as expected.

 

[Basti]

Does your hosting provider / or yourself have setup proper dns records for email spam validation?
you will need to have SPF and Dkim. These are 100% required these days and often emails are straight out rejected if the mail does not pass spf/dkim checks.
Easiest way would be to ask your host to set them up for you
If your domain uses proxies, like cloudflare, you would have to duplicate those dns records into cloudflare dns setup

 

[boozhloo2]

I just tested the password reset with your exact settings, the function fired as normal, I did get a warning from Gmail that they blocked the request. But once I approved it the password reset email came through as expected.

Has this also worked for user reset passwords? I got that email only for the AP 2-faction authenticator. I'll give it another run to double check.

Does your hosting provider / or yourself have setup proper dns records for email spam validation?
you will need to have SPF and Dkim. These are 100% required these days and often emails are straight out rejected if the mail does not pass spf/dkim checks.
Easiest way would be to ask your host to set them up for you
If your domain uses proxies, like cloudflare, you would have to duplicate those dns records into cloudflare dns setup

I'll be looking into them to get a better picture

 

[Mark]

Has this also worked for user reset passwords? I got that email only for the AP 2-faction authenticator. I'll give it another run to double check.



I'll be looking into them to get a better picture

Yes I confirmed that user passwords email sent as normal in all circumstances.

 

[boozhloo2]

Yes I confirmed that user passwords email sent as normal in all circumstances.

That's odd, I've tried 3 times still haven't received the email. It probably has something to do with what Basti suggested. I'll look into it and get back to you.