[DBTech] DragonByte Security

[DBTech] DragonByte Security [Paid] 4.7.0

No permission to buy ($14.95)
Overview Updates (45) Reviews (3) History Discussion
DragonByte Tech said:
You can't force a verification method, only force the verification itself. There's a user group permission setting for whether Two-step verification is required.

You can put this naughty account sharer in a special user group whose permissions all say "No" except for this permission (so as to not inadvertently override some other permission), then add that user to that group as one of their secondary groups.

They will then be forced to use 2FA, which at worst makes it more of a hassle for them to share.
Click to expand...

I'm pretty sure that could be applied as a user permission? Regardless I need specific control so it seems I'd need an extension made.
 
I have determined this addon is conflicting with another addon of mine causing random Security error's:

1570127790035.png

This occurs when trying to do anything javascript related after a browser has been closed (View alerts, notifications, quick reply) and then come back to it. It can occur after just minutes or several hours, there is no rhyme or reason that I could detect. Disabling this addon has stopped this problem from occurring.

The most likely collision is with XenCentral MultiSite although since this was occurring on my live forum I cannot disable it as it is a critical function.
 
doublespaces said:
I have determined this addon is conflicting with another addon of mine causing random Security error's:

View attachment 211516

This occurs when trying to do anything javascript related after a browser has been closed (View alerts, notifications, quick reply) and then come back to it. It can occur after just minutes or several hours, there is no rhyme or reason that I could detect. Disabling this addon has stopped this problem from occurring.

The most likely collision is with XenCentral MultiSite although since this was occurring on my live forum I cannot disable it as it is a critical function.
Click to expand...
Try disabling the fingerprinting feature if you have that enabled, that's the only thing that uses JS or secure POST actions.
 
DragonByte Tech said:
Try disabling the fingerprinting feature if you have that enabled, that's the only thing that uses JS or secure POST actions.
Click to expand...

Okay, I'll try that. If you have any javascript that is not using relative paths or something like that, I can see where there may be problems. MultiSite allows different subdomains to show entirely different node structure from the same installation. Depending on how you get the Base URL, that may or may not go well.
 
doublespaces said:
Okay, I'll try that. If you have any javascript that is not using relative paths or something like that, I can see where there may be problems. MultiSite allows different subdomains to show entirely different node structure from the same installation. Depending on how you get the Base URL, that may or may not go well.
Click to expand...
If it happens again, open your dev console and work out which request is causing the issue.
 
DragonByte Tech said:
That URL has nothing to do with DB Security as it does not interface with that page in any way.
Click to expand...

I never said it did. However this is one example of the error which would occur as a result of the broken session or whatever was occurring due to the conflict.

Your add-on is operating on top of the multi site add-on in a sense as the URLs you are accessing are symlinks to a home directory where various filters or regex replacements take place. So if you have code that calls any website resource then technically your add-on is interacting with multisite.

I'm not saying anyone is at fault. But it appears disabling this add-on has completely resolved the issue. I'm still planning on doing some testing per your recommendation.
 
Last edited:
doublespaces said:
Your add-on is operating on top of the multi site add-on in a sense as the URLs you are accessing are symlinks to a home directory where various filters or regex replacements take place. So if you have code that calls any website resource then technically your add-on is interacting with multisite.
Click to expand...
I'm not sure what exactly this part is saying but I do know that all calls to JS files happen via <xf:js> and as of the latest version there are no calls to images either (the previously used images were replaced with FontAwesome icons).

In other words, there is no part of this add-on that interferes with the normal keep-alive feature in XenForo. If there had been, this issue would have been reported on other sites 🤔

Also for the record; just because disabling this add-on resolved the issue in the past, does not mean the issue is in this add-on. Another customer had a problem where their forum home page would take several seconds to load when my Shop mod was enabled. It turns out a large part of the performance problem came from a bug in another add-on, only exposed by the Shop mod because it extends the permissions feature in XenForo.
 
DragonByte Tech said:
Also for the record; just because disabling this add-on resolved the issue in the past, does not mean the issue is in this add-on.
Click to expand...
Please read what I wrote:
doublespaces said:
I'm not saying anyone is at fault.
Click to expand...
DragonByte Tech said:
Another customer had a problem where their forum home page would take several seconds to load when my Shop mod was enabled. It turns out a large part of the performance problem came from a bug in another add-on, only exposed by the Shop mod because it extends the permissions feature in XenForo.
Click to expand...

And in both cases your addon is involved in a conflict with no regard to fault. I'm reporting a conflict and I have not determined exactly what the problem is, so I'm not sure what you are going on about. I even stated I would disable the other addon instead however it is a critical function and I am unable to do so. At this time I'm still testing. I have been unsuccessful reproducing it on my test board without the activity.
 
doublespaces said:
Please read what I wrote
Click to expand...
I did, but I'm not sure how that invalidates what I said 🤔 It was not my intention to come off as defensive, it was intended as a general explanation about how add-on conflicts sometimes work. If I offended you by posting the explanation then I apologise.

doublespaces said:
And in both cases your addon is involved in a conflict with no regard to fault. I'm reporting a conflict and I have not determined exactly what the problem is, so I'm not sure what you are going on about.
Click to expand...
As explained above, the point of that part of my post was a general explanation, and what I was "going on about" was giving an example of how sometimes, the conflicting add-on exposes a bug in another add-on rather than being the bugged add-on.

I know you did not assign fault and I did not intend to insinuate that you did. Again, my apologies if I offended you.
 
I have this error on my forum:

PHP: 
XF\Db\Exception: MySQL query error [1406]: Data too long for column 'dbtech_security_user_agent' at row 1 src/XF/Db/AbstractStatement.php:217
Generado por: Yolanda&Nubes 29 Oct 2019 a las 10:15
Seguimiento
INSERT  INTO `xf_user_remember` (`user_id`, `remember_key`, `expiry_date`, `dbtech_security_user_agent`, `remember_id`, `start_date`) VALUES (?, ?, ?, ?, ?, ?)
------------

#0 src/XF/Db/Mysqli/Statement.php(196): XF\Db\AbstractStatement->getException('MySQL query err...', 1406, '22001')
#1 src/XF/Db/Mysqli/Statement.php(77): XF\Db\Mysqli\Statement->getException('MySQL query err...', 1406, '22001')
#2 src/XF/Db/AbstractAdapter.php(94): XF\Db\Mysqli\Statement->execute()
#3 src/XF/Db/AbstractAdapter.php(218): XF\Db\AbstractAdapter->query('INSERT  INTO `x...', Array)
#4 src/XF/Mvc/Entity/Entity.php(1452): XF\Db\AbstractAdapter->insert('xf_user_remembe...', Array, false)
#5 src/XF/Mvc/Entity/Entity.php(1184): XF\Mvc\Entity\Entity->_saveToSource()
#6 src/XF/Repository/UserRemember.php(15): XF\Mvc\Entity\Entity->save()
#7 src/XF/ControllerPlugin/Login.php(245): XF\Repository\UserRemember->createRememberRecord(791)
#8 src/XF/ControllerPlugin/Login.php(182): XF\ControllerPlugin\Login->createVisitorRememberKey()
#9 src/addons/DBTech/Security/XF/ControllerPlugin/Login.php(47): XF\ControllerPlugin\Login->completeLogin(Object(SV\ReportImprovements\XF\Entity\User), true)
#10 src/addons/xenMade/AED/XF/ControllerPlugin/Login.php(12): DBTech\Security\XF\ControllerPlugin\Login->completeLogin(Object(SV\ReportImprovements\XF\Entity\User), true)
#11 src/XF/Pub/Controller/Login.php(117): xenMade\AED\XF\ControllerPlugin\Login->completeLogin(Object(SV\ReportImprovements\XF\Entity\User), true)
#12 src/addons/ThemeHouse/XLink/XF/Pub/Controller/Login.php(19): XF\Pub\Controller\Login->actionLogin()
#13 src/XF/Mvc/Dispatcher.php(321): ThemeHouse\XLink\XF\Pub\Controller\Login->actionLogin(Object(XF\Mvc\ParameterBag))
#14 src/XF/Mvc/Dispatcher.php(244): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'Login', Object(XF\Mvc\RouteMatch), Object(xenMade\LAU\XF\Pub\Controller\Login), NULL)
#15 src/XF/Mvc/Dispatcher.php(100): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(xenMade\LAU\XF\Pub\Controller\Login), NULL)
#16 src/XF/Mvc/Dispatcher.php(50): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#17 src/XF/App.php(2178): XF\Mvc\Dispatcher->run()
#18 src/XF.php(390): XF\App->run()
#19 index.php(20): XF::runApp('XF\\Pub\\App')
#20 {main}
 
DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

4.3.1

Update highlights

This version is a quick maintenance update to fix some reported bugs, as well as improved compliance with the XenForo Resource Guidelines.

The most important fix is PHP 7.4 compatibility; PHP 7.4 is now officially supported.


Complete Change Log

Change: Updated internal data path references to better support CDNs
Fix: Fix curly brace syntax for PHP 7.4
Fix: Fixed an issue where adding a closure / anonymous function to...
Click to expand...

Read the rest of this update entry...
 
@DragonByte Tech Getting Server error log.

Code: 
Assert\InvalidArgumentException: Invalid data src/addons/DBTech/Security/vendor/beberlei/assert/lib/Assert/Assertion.php:2752

Generated by: MegaAgun Dec 12, 2019 at 2:48 AM

Stack trace

#0 src/addons/DBTech/Security/vendor/beberlei/assert/lib/Assert/Assertion.php(319): Assert\Assertion::createException(0, 'Invalid data', 33, NULL, Array)
#1 src/addons/DBTech/Security/vendor/web-auth/webauthn-lib/src/PublicKeyCredentialLoader.php(78): Assert\Assertion::eq(0, 4, 'Invalid data')
#2 src/addons/DBTech/Security/vendor/web-auth/webauthn-lib/src/Server.php(201): Webauthn\PublicKeyCredentialLoader->load('')
#3 src/addons/DBTech/Security/Tfa/WebAuthn.php(218): Webauthn\Server->loadAndCheckAttestationResponse('', Object(Webauthn\PublicKeyCredentialCreationOptions), Object(Nyholm\Psr7\ServerRequest))
#4 src/XF/Pub/Controller/Account.php(897): DBTech\Security\Tfa\WebAuthn->verify('setup', Object(Datio\AllowedEmails\XF\Entity\User), Array, Object(XF\Http\Request))
#5 src/XF/Mvc/Dispatcher.php(350): XF\Pub\Controller\Account->actionTwoStepEnable(Object(XF\Mvc\ParameterBag))
#6 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('XF:Account', 'TwoStepenable', Object(XF\Mvc\RouteMatch), Object(AddonFlare\PaidRegistrations\XF\Pub\Controller\Account), NULL)
#7 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(AddonFlare\PaidRegistrations\XF\Pub\Controller\Account), NULL)
#8 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#9 src/XF/App.php(2184): XF\Mvc\Dispatcher->run()
#10 src/XF.php(391): XF\App->run()
#11 index.php(20): XF::runApp('XF\\Pub\\App')
#12 {main}

Request state

array(4) {
  ["url"] => string(46) "/account/two-step/dbtech_security_authn/enable"
  ["referrer"] => string(68) "/account/two-step/dbtech_security_authn/enable"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(7) {
    ["nickname"] => string(8) "loverboy"
    ["publicKeyCredential"] => string(0) ""
    ["step"] => string(7) "confirm"
    ["_xfToken"] => string(8) "********"
    ["_xfRequestUri"] => string(46) "/account/two-step/dbtech_security_authn/enable"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}
 
You must log in or register to reply here.

Similar threads

DragonByte Tech
[DBTech] DragonByte Stripe Checkout
Replies
18
Views
547
Alpha1
Alpha1
DragonByte Tech
[DBTech] DragonByte WebP
Replies
16
Views
1K
DragonByte Tech
DragonByte Tech
DragonByte Tech
[DBTech] DragonByte Social Groups [Paid]
3 4 5
Replies
92
Views
6K
Chernabog
Chernabog
Painbaker
[OzzModz] Russian languge for [DBTech] DragonByte Security
Replies
2
Views
653
Ozzy47
Ozzy47
Sado Yasashii
Russian language for [DBTech] DragonByte eCommerce
Replies
0
Views
493
Sado Yasashii
Sado Yasashii
Top Bottom