[nodebb-plugin-2factor] Two-Factor Authentication

julian

Good to hear it @revunix

I hope to add support for reset keys and ACP deactivation, as currently, if you lose your device, you won't be able to bypass

drew

@julian I recently had my phone smashed by a drunk friend (I could just make out the numbers on a flickering screen) and discovered how terrible the "reset code" or "add code to another device" situation is with a new phone on sooo many websites where I had 2FA, even if you can get in with your current one.

Robert

@drew Indeed, I don't know how many support tickets I will need to make for all the sites where I use 2 factor auth, 3 Google accounts, Steam, Cloudflare and much more...

Anyways 2FA looks nice.

julian

Published an update. (Changelog in OP)

@drew @kowlin At least now the administrator can reset TFA keys, although getting in touch with the admin is another matter altogether

Nicholas "LB" Braden

Are backup codes supported now btw? I see a closed GitHub issue for them, which suggests they are.

julian

@LB Yep, they are, although they are generated only when you start the 2FA setup process, so you will want to disable 2FA, trash your record, and re-generate one. The backup codes will be displayed a single time for you to record.

cookieman768

When I scan this with Authy or Google Authenticator it says "QR code is invalid" no matter how many times I create a new one. Is there a fix?

Alex Bro

@cookieman768 The same situation(((

Yosimoto

Plug-ins no longer work with the version «1.7.5».

julian

@ilya Can you elaborate on what doesn't work? Saying "no longer work" doesn't help narrow down any problems.

Yosimoto

@julian The problem was solved with FreeOTP Authenticator (Android).

phenomlab

@ilya This plugin no longer works with 1.17. Error below

2021-04-23T13:18:12.371Z [4567/469428] - error: uncaughtException: Failed to lookup view "admin/dashboard" in views directory "/home/phenomlab/nodebb/build/public/templates"
Error: Failed to lookup view "admin/dashboard" in views directory "/home/phenomlab/nodebb/build/public/templates"
    at Function.render (/home/phenomlab/nodebb/node_modules/express/lib/application.js:580:17)
    at ServerResponse.render (/home/phenomlab/nodebb/node_modules/express/lib/response.js:1012:7)
    at /home/phenomlab/nodebb/src/middleware/render.js:89:11
    at new Promise (<anonymous>)
    at renderContent (/home/phenomlab/nodebb/src/middleware/render.js:88:10)
    at ServerResponse.renderOverride [as render] (/home/phenomlab/nodebb/src/middleware/render.js:64:14)
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {"error":{"view":{"defaultEngine":"tpl","ext":".tpl","name":"admin/dashboard","root":"/home/phenomlab/nodebb/build/public/templates"}},"stack":"Error: Failed to lookup view \"admin/dashboard\" in views directory \"/home/phenomlab/nodebb/build/public/templates\"\n    at Function.render (/home/phenomlab/nodebb/node_modules/express/lib/application.js:580:17)\n    at ServerResponse.render (/home/phenomlab/nodebb/node_modules/express/lib/response.js:1012:7)\n    at /home/phenomlab/nodebb/src/middleware/render.js:89:11\n    at new Promise (<anonymous>)\n    at renderContent (/home/phenomlab/nodebb/src/middleware/render.js:88:10)\n    at ServerResponse.renderOverride [as render] (/home/phenomlab/nodebb/src/middleware/render.js:64:14)\n    at processTicksAndRejections (node:internal/process/task_queues:96:5)","exception":true,"date":"Fri Apr 23 2021 14:18:12 GMT+0100 (British Summer Time)","process":{"pid":469428,"uid":1000,"gid":1000,"cwd":"/home/phenomlab/nodebb","execPath":"/usr/bin/node","version":"v16.0.0","argv":["/usr/bin/node","/home/phenomlab/nodebb/app.js"],"memoryUsage":{"rss":294481920,"heapTotal":195198976,"heapUsed":164432120,"external":74292726,"arrayBuffers":70953438}},"os":{"loadavg":[1.23,1.17,0.8],"uptime":340350.31},"trace":[{"column":17,"file":"/home/phenomlab/nodebb/node_modules/express/lib/application.js","function":"Function.render","line":580,"method":"render","native":false},{"column":7,"file":"/home/phenomlab/nodebb/node_modules/express/lib/response.js","function":"ServerResponse.render","line":1012,"method":"render","native":false},{"column":11,"file":"/home/phenomlab/nodebb/src/middleware/render.js","function":null,"line":89,"method":null,"native":false},{"column":null,"file":null,"function":"new Promise","line":null,"method":null,"native":false},{"column":10,"file":"/home/phenomlab/nodebb/src/middleware/render.js","function":"renderContent","line":88,"method":null,"native":false},{"column":14,"file":"/home/phenomlab/nodebb/src/middleware/render.js","function":"ServerResponse.renderOverride [as render]","line":64,"method":"renderOverride [as render]","native":false},{"column":5,"file":"node:internal/process/task_queues","function":"processTicksAndRejections","line":96,"method":null,"native":false}]}
2021-04-23T13:18:12.371Z [4567/469428] - error: Error: Failed to lookup view "admin/dashboard" in views directory "/home/phenomlab/nodebb/build/public/templates"
    at Function.render (/home/phenomlab/nodebb/node_modules/express/lib/application.js:580:17)
    at ServerResponse.render (/home/phenomlab/nodebb/node_modules/express/lib/response.js:1012:7)
    at /home/phenomlab/nodebb/src/middleware/render.js:89:11
    at new Promise (<anonymous>)
    at renderContent (/home/phenomlab/nodebb/src/middleware/render.js:88:10)
    at ServerResponse.renderOverride [as render] (/home/phenomlab/nodebb/src/middleware/render.js:64:14)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

phenomlab

I've just seen an update for this plugin. Is it compatible now ?

julian

v5.0.0 of the 2factor authentication plugin has been published. It now allows for concurrent second factors, so you can have both a hardware key and an authenticator app in use at the same time.

When challenged, you can use either option to verify your identity.

julian

v7.4.0 of this plugin now notifies you in the event that your account was accessed, but the second factor challenge was not passed.

This provides a much-needed notification for the user that their password has been compromised and is in need of changing.

NodeBB (@[email protected])

Attached: 1 image The Two-Factor Authentication plugin that comes bundled with #NodeBB was just updated to v7.4.0. It now notifies you if your account was accessed, but the second factor challenge was not passed. If you see this notification, and it wasn't you, you just might want to change your now-compromised password! Oft forgotten, this feature provides much needed positive reinforcement that, yeah, #2FA works! #appsec #security #2factor

Fosstodon (fosstodon.org)

brazzerstop

@julian this is amazing feature!!! Thank you!

RazielKanos

when i try to add a hardware key i instantly get the message "hardware key registration abborted" and in the logs i found this:
2023-11-20T06:03:39.301Z [4567/995] - info: [plugin/2factor] Denying socket access for uid 2 pending second factor.

Any idea how I can fix this?

julian

Hmm, that actually sounds like a bug. Can you let me know your NodeBB version and 2factor plugin version?

I'll try to take a look tomorrow

RazielKanos

2-factor is: 7.4.0
Board is: v3.5.1.

RazielKanos

I also noticed that the 2fa isn't working for me too.
I generate the first code to test the application, that works, but when i want to log in later, it doesn't recognize the code, and i have to use a backup code