[NICK97] Recently Used Device - XF2 2.4.9

Thank you for your unwavering support and assistance in enhancing this add-on further. This version of the XF2 Add-on is compatible with XenForo 2.3.10 and above, and it includes several more bug fixes and changes.

Full Changelog(s):

• Compatible with XenForo 2.3.10+
• Added resend fallback when session pending data is missing:
• Preserved pending approval data across forced logout
• preserved n97RudPendingApproval in the new session
• Removed mixed logged-in UI state on public approval enforcement
• Ensured /login shows approval-required page when pending approval exists
• redirects to login (both public + AdminCP) instead of rendering approval UI in the same request.
• Added explicit CSRF validation to admin device-management POST actions and improved post-action redirect behavior.
• Added approval indexes for fast token/pending lookups (approval_token_hash, user_id + approval_requested_at) for fresh installs and repair path.
• Added missing table guard in auth-type upgrade step.
• Strengthened setup/migration safety and performance:
• Hardened ACP fallback approval rendering so resend only appears when pending device state is valid.
• Reworked pending-approval cookie fallback to a single batched DB query (public + ACP) to prevent timeout-class behavior.
• Added indexes for approval_token_hash and user_id + approval_requested_at
• Added stale-CSRF recovery for approval actions using signed payload fallback (so valid approval pages don’t fail with security errors after session/token rotation):
• Kept /devices/fingerprint strict CSRF-only (no fallback), so anti-CSRF posture remains intact:
• Fixed template-mod insertion points to avoid duplicate login notices and improve admin/public compatibility:
• Improved class-extension compatibility by making login action signatures variadic where needed:
• Replaced the theme-dependent label label--accent badge with a dedicated badge class so text is always visible.
• Switched device row action buttons to explicit button icons and plain core phrases, so they no longer depend on icon tokens inside custom phrases.
• Hardened action-button layout so icon/text spacing and alignment stay consistent across themes.
• Block/Unblock/Logout icon sizing is now clamped smaller (13px)
• Resolved fatal crashes in previous versions when after updated to XF 2.3.10
• Fixed several more bugs compared to previous versions
• A new option has been added that requires a password before unblocking own devices (only for the user’s end).

Important Note:

• Please take a backup before installing this version, that way if something goes wrong you can restore to a working point as this update is in beta
• Device approval and device limit features are currently undergoing beta testing. However, please expect that there will be known bugs that will need to be fixed in upcoming releases.
• This update requires XF 2.3.10 or later, as we’ve already resolved fatal crashes in previous versions.

Thank you for your unwavering support and assistance in further enhancing this add-on. This version of the XF2 Add-on includes several bug fixes and a several new features and changes.

Full Changelog(s):

• Added “Push notifications” = XF Alerts (no external provider).
• Added Approval blocks login until approved.
• Added Approval replaces XF 2FA when enabled.
• Added Link Expired option = TTL in minutes (default 10).
• Enable browser fingerprinting fallback
• Added Show additional device details option like
  • show extra device details in the device list and in related email templates
    • authorization status
    • login method
    • device token
    • coordinates with link to Google maps
    • user agent
    • IP address
• Added New device alert permission is separate from email permission.
• Added other user groups permission like
  • Bypass device approval requirement
  • Bypass device limit
• Updated Update Mobile Detect from v3 => v4.8.06
• Added add-on options tabs like
  • User
  • Trusted Devices
  • Notifications
  • Debug
• Fixed the timeout loop in Admin login dispatch.
• Removed API tab in add-on option page
• Organized add-ons options to current tabs
• Added Debug device save validation errors option (Default: Off)
• Relax option login/registration maxlength validation (Default: Off)
• Fixed several bugs related to R2 presigned URL between GeoLite2 database option and Maxmind License Key options conflict
• Added option description for Add browser token cookie to necessary cookies for cookies consent
• Added resend validation + rate limiting (30s) for both public and ACP resend actions.
• Added hard server-side approval fallback enforcement for both public and ACP controller contexts.
• Added a one-time guard variable ($n97RudLoginNoticeShown) in both login notice template modifications (public and admin) so the message is not injected after every </xf:form>.
• Added n97_rud_login_notice_admin now injects before <div class="adminLogin-boardTitle"> instead of after </xf:form>.
• Added deduplicated registration logic so consent entries are normalized and not repeatedly added.
• Prevented blocked-device token revival and revoked approval fields when blocked.
• Change: logs an error if neither approval email nor approval alert could be dispatched.
• Change: sendDeviceApprovalRequest() now sends approval email with immediate dispatch (send) instead of queue-first behavior.
• Change: removed logDevices permission gate in shouldRequireApprovalForCurrentDevice().
• Change: removed hasPermission('nick97_rud', 'logDevices') gate from enforceDeviceApprovalBeforeLogin().
• Switched approval/notification emails to non-blocking dispatch (queue() when available, send() fallback, exception-safe).
• Fixed ACP login now always enforces approval server-side (no provider/passkey request bypass branch) in Login.php (line 83).
• Fixed Approval enforcement no longer skips based on client-influenced auth type markers in DeviceLogger.php (line 228).
• Fixed Enforced signed browser-token cookies with HMAC validation and strict rejection of unsigned/invalid cookie values in DeviceLogger.php (line 122) and DeviceLogger.php (line 170).
• Added the missing phrase for cookie_consent.cookie_description_n97_rud_fp
• Integrated cookie consent registration for the XF cookies you listed:
  • xf___crossTab
  • xf_csrf
  • xf_consent
  • xf_ls
  • xf_session
  • xf_tfa_trust
  • xf_user
• Updated client JS to send fingerprint via POST with _xfToken instead of unauthenticated GET.
• Added a dedicated login remember-sync JS module
• Applied remembered state during AdminCP auto-login continuation after device approval:
• Added robust remember-state capture and fallback in server logic:
• Loaded that JS on both login templates (public + admin), with one-time template guards:

Note:

• Existing unsigned legacy fc_browser_token_* cookies will be rejected, so users may need one-time re-approval on first login after deploy.
• This add-on’s price will increase to $45.00/$35.00 from the current $35.00/$25.00, as it will include even more new features.

Thank you for your unwavering support and assistance in further enhancing this add-on. This version of the XF2 Add-on includes several bug fixes and a few new features and changes.

Full Changelog(s):

New:

• Ability to rename own specific devices in my devices page
• Added Current Device banner in my devices page
• Added a code event listener for app_setup that executes nick97\recentlyuseddevices\Listener::appSetup()
• Added a dedicated Admin Permission: n97_devices_manage
  • The Devices tab in Users > Edit user now only appears when:
  • Option Allow admin to manage user devices is enabled, and
  • The admin has the Manage user devices permission.
• Allow admin to manage user devices: This now works end-to-end (tab loads + actions no longer 404) when the option is enabled.
• Allow step-up verification when no trusted devices exist: No behavioral change was required for this request; the option remains functional and independent of this AdminCP routing fix.

Changes:

• Updated the Admin login hook so that when Check device logging in ACP is enabled:
• hardened “Logout all devices” by enforcing its existing permission (n97_devices_logout) at the controller level (not just via template visibility).

Fix:

• Removed "composer_autoload": "vendor/composer" from addon.json so XenForo no longer tries to register composer maps for this add-on during app boot.
• Removed the unsupported template filter entirely.
• Fixed appSetup() does a simple, safe require_once(DIR . '/vendor/autoload.php') so GeoIP2 / MobileDetect still load without relying on XF’s composer registry.
• Fixed: Device rules are enforced before admin session establishment.
• Fixed: The device is then recorded after successful ACP login (mirrors public-side behavior, without breaking device-limit enforcement).
• Switched to a safe, XenForo-version-independent approach by using CSS text-transform: uppercase; around the value.

Thank you for your support and helping me to improve the add-ons even better than before. This version includes new features and changes in some areas of the XF2 Add-on!

Full Changelog:

New:

• Admin: “Manage devices” tab in user edit
• Shows all devices for that user with OS, browser, device type, location and IP.
• Includes actions per device:
  • Sign out (force logout)
  • Block / Unblock device
• New option: Require password before blocking a device.
• Exit other devices when limit is reached
• New option: Exit other devices when limit is reached when the device limit is reached:
• With this option enabled – the new login is allowed and older devices are logged out.
• With this option disabled – behaviour stays as before (new login may be denied).
• Cloudflare R2 / S3 presigned URL support for GeoIP
• New option to use a presigned R2/S3 URL for the GeoLite2 database.
• Allows you to host the .mmdb file yourself (e.g. Cloudflare R2) instead of relying only on the MaxMind API.

Changes:

• Improved device type detection (XF 2.3+)
• Better detection of mobile / tablet / desktop using updated browser info.
• Device type is stored in browser_info and can be displayed in public and admin templates (upper-cased label).
• Admin devices template
• Uses XenForo’s valid filter |toUpper instead of |upper.
• Uses the same field names as the public devices list for:
  • Last seen time
  • IP address
  • Location
• This keeps the ACP view in sync with the already-working front-end behaviour.
• Device limit handling
• Login flow updated so device limits respect the new “Exit other devices” option and don’t unnecessarily block valid logins.

Fixes:

• GeoIP “::1 is not in the database”
• Fixed AddressNotFoundException when the IP is ::1 or another address not present in the GeoIP database.
• “You are no longer logged in” loop
• Fixed a rare issue where devices left with a force_logout flag and mis-handled device cookies could cause repeated: This action could not be completed because you are no longer logged in.
• Device records and cookies are now updated correctly on login/logout.
• Admin template getter errors
• Fixed “unknown getter” errors like:
  • last_seen
  • ip_address
  • location
• Admin template now uses only real entity properties / relations.

Know Issues:

• Sign out / Block / Unblock buttons in the admin devices tab pointing to non-existent routes.
• Require password before blocking a device overlay is not displaying once you click block devices
  • When enabled, users must confirm their password via XenForo’s overlay before a device can be blocked from the account > devices page.

Thank you for your support and helping me to improve the add-ons even better than before. This version includes new features and changes in some areas of the XF2 Add-on!

Full Changelog:

• Fixed Font awesome icon is not displaying currently in XF 2.3
• Added Font awesome icon in buttons

Discount $35 off when you buying purchase this add-on license (From July 2 2024 to July 26 2024)

Note: last few weeks ago tyleraustins.com was down due to dns and url redirect issues. Anyway if you are still having redirect issue in your web browser I would highly recommend clearing your cache right away.

Hi Everyone

I wanted to let you known I can confirmed its is working with XF 2.3.0 beta 7 at this time

Note: Same font awesome icon is not displaying currently and it’s will be fixed in future versions!

Thank you for your support and helping me to improve the add-ons even better than before. This version includes new features and changes in some areas of the XF2 Add-on!

Full Changelog:

• internal_data folder was missing in previous version

Note: This version will be one of the last releases that’s will be supported with XenForo 2.2.x and newer updates will require XenForo 2.3.x or later!

Thank you for your support and helping me to improve the add-ons even better than before. This version includes new features and changes in some areas of the XF2 Add-on!

Full Changelog:

• Added Only allow user to login to one or two devices at a time option
• Added TFA: Authorize via trusted device with option to enable it! (Based on this suggestion)
• Updated MobileDetect library to 4.8.03

Thank you for your support and helping me to improve the add-ons even better than before. This version includes bug fixes in some areas of the XF2 Add-on!

Full Changelog:

• Updated the copyright phrases
• Removed line from copyright phrase