[DigitalPoint] Security

[DigitalPoint] Security 1.2.0.3

No permission to download
What do you mean copy token code? Can you post a screenshot? Are you sure you are looking at a Passkey?
Not passkeys. Specifically for the Twilio OneTouch "Verification via Authy app". It appears to me to be a XenForo/Twilio issue and not so much an issue with this add-on. I can't get the right API key from Twilio or I'm doing something wrong to make that work. I can't find any instructions on set up anywhere, other than go to Twilio and put in a API key, which does not seem to be working for this. I also put in a ticket w/XenForo but I've disabled it for now.
 
When trying to delete a hardware key, I get the following error:

Code:
ErrorException: [E_WARNING] Undefined array key "credentialId" in src/addons/DigitalPoint/Security/XF/Pub/Controller/Account.php at line 201

    XF::handlePhpError() in src/addons/DigitalPoint/Security/XF/Pub/Controller/Account.php at line 201
    DigitalPoint\Security\XF\Pub\Controller\Account->actionTwoStepDisable() in src/XF/Mvc/Dispatcher.php at line 352
    XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 259
    XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 115
    XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 57
    XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2483
    XF\App->run() in src/XF.php at line 524
    XF::runApp() in index.php at line 20
 
Did anything going on with this account that you can think of that might be out of the ordinary? That error message implies that there's a record for a key that is incomplete somehow. Easy enough to fix, but it would be nice to get to bottom of why that incomplete record is in there before you delete it.

Do you know what type of hardware key was used to create it? It could be the hardware key itself giving a partial record for some reason, so might need to look into that.
 
digitalpoint updated [DigitalPoint] Security & Passkeys with a new update entry:

Adds ability to auto-extend device trust when device is actively in-use

  • Check for incomplete records when deleting a key
  • New advanced option: Days to auto-extend two-step device trust (especially useful for forthcoming iOS PWA, see this thread)
  • Reformat list of two-step options to use icons for enable/disable/manage actions instead of XenForo's default buttons with text (see screenshot below)
This:
[ATTACH type="full"...

Read the rest of this update entry...
 
  • New advanced option: Days to auto-extend two-step device trust (especially useful for forthcoming iOS PWA, see this thread)

This extends based on what? If their original token expies in 30 days and this is set to 14, they now have 45 days?

Or does this just extended X days into the future (if higher than token expiry?)
 
Or does this just extended X days into the future (if higher than token expiry?)
This.

The underlying logic is to take the maximum between:
  • The already existing "trust until" date for the device (what gets set to 30 days from now by default when a new device is used)
  • x days from now if you use the auto-extend trust option (with x being the number of days you set that option for)
So for example if you have it set to trust a device for 60 days and then auto-extend trust 7 days, it wouldn't do anything for the first 53 days. Then it will start extending the trust of the device to be 7 days from today when the user auto-logs in (specifically creates a session from a cookie). Which will effectively allow the user to keep the trusted device trusted until they don't use it for a 7 day span.
 
Ah, error log filling up:
ErrorException: [E_WARNING] Creating default object from empty value src\addons\DigitalPoint\Security\XF\Entity\UserRemember.php:31
Generated by: Unknown account May 2, 2023 at 1:49 AM
Stack trace
#0 src\addons\DigitalPoint\Security\XF\Entity\UserRemember.php(31): XF::handlePhpError(2, '[E_WARNING] Cre...', '...', 31, Array)
#1 src\XF\Pub\App.php(406): DigitalPoint\Security\XF\Entity\UserRemember->extendExpiryDate()
#2 src\XF\Pub\App.php(354): XF\Pub\App->loginFromRememberCookie(Object(XF\Session\Session))
#3 src\XF\Pub\App.php(155): XF\Pub\App->onSessionCreation(Object(XF\Session\Session))
#4 src\XF\App.php(2348): XF\Pub\App->start(true)
#5 src\XF.php(524): XF\App->run()
#6 index.php(20): XF::runApp('XF\\Pub\\App')
#7 {main}
  • ErrorException: [E_NOTICE] Trying to get property 'trusted_until' of non-object
  • src\addons\DigitalPoint\Security\XF\Entity\UserRemember.php:31
  • Generated by: Unknown account
  • May 2, 2023 at 1:53 AM

Stack trace​

#0 src\addons\DigitalPoint\Security\XF\Entity\UserRemember.php(31): XF::handlePhpError(8, '[E_NOTICE] Tryi...', 'W:\\HostingSpace...', 31, Array)
#1 src\XF\Pub\App.php(406): DigitalPoint\Security\XF\Entity\UserRemember->extendExpiryDate()
#2 src\XF\Pub\App.php(354): XF\Pub\App->loginFromRememberCookie(Object(XF\Session\Session))
#3 src\XF\Pub\App.php(155): XF\Pub\App->onSessionCreation(Object(XF\Session\Session))
#4 src\XF\App.php(2348): XF\Pub\App->start(true)
#5 src\XF.php(524): XF\App->run()
#6 index.php(20): XF::runApp('XF\\Pub\\App')
#7 {main}

Possible conflict with :

 
I've got the auto extend set to 7 days, but last night I was asked to authenticate again.

Same device I've been using every day..
 
Is it possible you lost your tfa cookie in your browser? If you look under your account/two-step area, you should see all the remembered devices. If you see one that might be the same device that’s still in there, maybe your browser lost the tfa cookie somehow…
 
I do see two. The only difference is the Edge version number, would that affect it?
Ya, somewhere along the way (whenever you needed to redo the two-step) the tfa cookie was lost it sounds like. Not much we can do about that on the server-side inside the addon.

Maybe Edge resets cookies when it’s upgraded or something? Not sure exactly…
 
Just installed this addon for someone, and seeing something strange with it:

1687184296161.webp

1687184339962.webp

When I do get back in, clicking on the key throws the following error:

Screenshot 2023-06-19 at 15.20.14.webp
 
Do they have any other addons that add TFA options by chance? Not sure what’s going on exactly, but the info for the security key isn’t being saved for whatever reason… maybe something else is interfering with how that entity works (it’s just a theory)?
 
Back
Top Bottom