[DigitalPoint] Security 1.2.0.3

[digitalpoint]

I'm using an iPhone 'passkey' that I used to access the forum the first time (via 'Passkey login'). Then I chose to log off... and now when I choose the passkey for the second time:


View attachment 312845


I don't get it. Sorry.

I know it's not your problem @digitalpoint, but can't you please take over development again!

If it’s a Passkey you created pre-2.3 with this addon, they aren’t going to work. They are a different type (resident vs. non-resident). A non-resident is what this addon created, XF uses resident (which allows it to be used for login, not just two-step).

 

[alexm]

If it’s a Passkey you created pre-2.3 with this addon, they aren’t going to work. They are a different type (resident vs. non-resident). A non-resident is what this addon created, XF uses resident (which allows it to be used for login, not just two-step).

It was in v2.3. I don't think I got a choice between 'resident' vs 'non-resident', certainly with iPhone and I think with Yubikey too. It took it, registered it... and then not again. Sorry...

 

[digitalpoint]

It was in v2.3. I don't think I got a choice between 'resident' vs 'non-resident', certainly with iPhone and I think with Yubikey too. It took it, registered it... and then not again. Sorry...

Ya no clue… works fine for me on this site and other 2.3 sites.

 

[alexm]

Looking again in the cold light of day (and with a lot less to drink ) I forgot I’d had this problem before:

XF 2.3 Post in thread 'Logging in via passkey does not work for the forum, but works for admin console.'

Aug 8, 2024

I get the same thing.

Edit: If I click the top right 'Log in' link and the use the 'Passkeys' button on that page, it works!



Could it be something to do with, as it's a test server, the link is gives you is the login page and not the normal forum page?

• alexm

Because it’s a test site I’ve got all of the forum needing to login, hence you get asked for the username/password on the homepage. If you click the ‘Passkey’ button on the homepage it will not work.

But, if you click the ‘Log in’ link and then press the ‘Passkey’ button, it works every time!

Sorry to have wasted your time @digitalpoint!

 

[alexm]

Well since we changed owner to the Xenforo version and re-added @digitalpoint's 'Security' we've not had a single error.

Thank you @digitalpoint!

Regards,

Alex

 

[wahtajoe]

Need setup instructions from start for this addon.

 

[Alpha1]

It would be nice if users could see a list of logged in devices, similar to how Netflix does it. A list of devices Android Phone, PC Firefox, iPad, etc. and the last ttime/date of login. This is very easy to understand for people.
I know members can see their sessions, but non-tech savvy people don't understand it.
A similar button to sign a device out would be handy as well. As well as Sign out on all devices.

 

[dutchbb]

When trying to remove a session from account security page

Server error log

ErrorException: [E_WARNING] Undefined array key 1
src/addons/DigitalPoint/Security/XF/Pub/Controller/Account.php:16

Stack trace
#0 src/addons/DigitalPoint/Security/XF/Pub/Controller/Account.php(16): XF::handlePhpError(2, '[E_WARNING] Und...', '/home/...', 16)
#1 src/XF/Mvc/Dispatcher.php(362): DigitalPoint\Security\XF\Pub\Controller\Account->actionSecuritySessionDelete(Object(XF\Mvc\ParameterBag))
#2 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:Account', 'SecuritySession...', Object(XF\Mvc\RouteMatch), Object(SV\SearchImprovements\XF\Pub\Controller\Account), NULL)
#3 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(SV\SearchImprovements\XF\Pub\Controller\Account), NULL)
#4 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#5 src/XF/App.php(2824): XF\Mvc\Dispatcher->run()
#6 src/XF.php(814): XF\App->run()
#7 index.php(23): XF::runApp('XF\\Pub\\App')
#8 {main}

Request state
array(4) {
  ["url"] => string(42) "/account/security/session/delete?id=197286"
  ["referrer"] => string(46) "/account/security"
  ["_GET"] => array(1) {
    ["id"] => string(6) "197286"
  }
  ["_POST"] => array(5) {
    ["_xfToken"] => string(8) "********"
    ["delete"] => string(6) "delete"
    ["_xfResponseType"] => string(4) "json"
    ["_xfWithData"] => string(1) "1"
    ["_xfRequestUri"] => string(17) "/account/security"
  }
}

No problem removing them in admin cp

 

[Comsup]

The following server error was displayed today. How does one go about fixing the error?

• ErrorException: Passkey signature counter validation failed for user 34 (passkey 30). Expected counter > 6, got 6. This may indicate a cloned authenticator. src/XF/Error.php:81

Stack trace
#0 src/XF.php(270): XF\Error->logError('Passkey signatu...', false)
#1 src/XF/Service/Passkey/ManagerService.php(419): XF::logError('Passkey signatu...')
#2 src/XF/Service/Passkey/ManagerService.php(218): XF\Service\Passkey\ManagerService->validateSignatureCounter(6, 6, Object(XF\Entity\Passkey))
#3 src/XF/Tfa/Passkey.php(57): XF\Service\Passkey\ManagerService->validate(Object(XF\Http\Request), NULL)
#4 src/XF/Service/User/TfaService.php(134): XF\Tfa\Passkey->verify('login', Object(UserCheck\XF\Entity\User), Array, Object(XF\Http\Request))
#5 src/XF/ControllerPlugin/LoginPlugin.php(134): XF\Service\User\TfaService->verify(Object(XF\Http\Request), 'passkey')
#6 src/XF/Pub/Controller/LoginController.php(206): XF\ControllerPlugin\LoginPlugin->runTfaCheck('https://communi...')
#7 src/addons/Andy/BlockVPN/XF/Pub/Controller/LoginController.php(285): XF\Pub\Controller\LoginController->actionTwoStep()
#8 src/XF/Mvc/Dispatcher.php(362): Andy\BlockVPN\XF\Pub\Controller\LoginController->actionTwoStep(Object(XF\Mvc\ParameterBag))
#9 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'TwoStep', Object(XF\Mvc\RouteMatch), Object(Andy\BlockVPN\XF\Pub\Controller\LoginController), NULL)
#10 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(Andy\BlockVPN\XF\Pub\Controller\LoginController), NULL)
#11 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#12 src/XF/App.php(2824): XF\Mvc\Dispatcher->run()
#13 src/XF.php(814): XF\App->run()
#14 index.php(23): XF::runApp('XF\\Pub\\App')
#15 {main}

Request state
array(4) {
  ["url"] => string(15) "/login/two-step"
  ["referrer"] => string(125) "https://communications.support/login/two-step?provider=passkey&remember=1&_xfRedirect=https%3A%2F%2Fcommunications.support%2F"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(11) {
    ["_xfToken"] => string(8) "********"
    ["webauthn_payload"] => string(623) "{"id":"2s8cObTtl760u33E13tKWd06v3wa7pnYB09qPDfG2O0=","authenticatorData":"6sO4t052UU7d+MVX81ofSJ0jhlD3NHUJNufbVKi7gvkFAAAABg==","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiUmxka00xWkhObFJ6VkdoM1V6UllXRkJpYzJocVVtMWFZMnh3WjJ4YVRHSTBNVTFGU1RRMlR6VkJVelY0VTFoelUxZFRUR3BXTTFFeFdreFBVMWd4Y1VGTFpFeEtVbHA0U0RGTmRURkpSMkZ2TFVKQmJ6bE5kMUpTTUdweWFrVkpkREJTYkhnMFdXNURObGRoWm5SemN6TnBTbWd3TTBKM05GQTNaRXd3ZVZjIiwib3JpZ2luIjoiaHR0cHM6Ly9jb21tdW5pY2F0aW9ucy5zdXBwb3J0IiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ==","signature":"MEQCID8OsclhJD0XHBfvZmg6su83LWxlNiye0ITXkWOvzXoJAiAvVkugsw6qVa/YHlSTKrDZXFIGaLJmQfykdsUmNyxagA=="}"
    ["webauthn_challenge"] => string(128) "FWd3VG6TsThwS4XXPbshjRmZclpglZLb41MEI46O5AS5xSXsSWSLjV3Q1ZLOSX1qAKdLJRZxH1Mu1IGao-BAo9MwRR0jrjEIt0Rlx4YnC6Waftss3iJh03Bw4P7dL0yW"
    ["trust"] => string(1) "1"
    ["confirm"] => string(1) "1"
    ["provider"] => string(7) "passkey"
    ["remember"] => string(1) "1"
    ["_xfRedirect"] => string(31) "https://communications.support/"
    ["_xfResponseType"] => string(4) "json"
    ["_xfWithData"] => string(1) "1"
    ["_xfRequestUri"] => string(95) "/login/two-step?provider=passkey&remember=1&_xfRedirect=https%3A%2F%2Fcommunications.support%2F"
  }
}

 

[digitalpoint]

The following server error was displayed today. How does one go about fixing the error?

• ErrorException: Passkey signature counter validation failed for user 34 (passkey 30). Expected counter > 6, got 6. This may indicate a cloned authenticator. src/XF/Error.php:81

Stack trace
#0 src/XF.php(270): XF\Error->logError('Passkey signatu...', false)
#1 src/XF/Service/Passkey/ManagerService.php(419): XF::logError('Passkey signatu...')
#2 src/XF/Service/Passkey/ManagerService.php(218): XF\Service\Passkey\ManagerService->validateSignatureCounter(6, 6, Object(XF\Entity\Passkey))
#3 src/XF/Tfa/Passkey.php(57): XF\Service\Passkey\ManagerService->validate(Object(XF\Http\Request), NULL)
#4 src/XF/Service/User/TfaService.php(134): XF\Tfa\Passkey->verify('login', Object(UserCheck\XF\Entity\User), Array, Object(XF\Http\Request))
#5 src/XF/ControllerPlugin/LoginPlugin.php(134): XF\Service\User\TfaService->verify(Object(XF\Http\Request), 'passkey')
#6 src/XF/Pub/Controller/LoginController.php(206): XF\ControllerPlugin\LoginPlugin->runTfaCheck('https://communi...')
#7 src/addons/Andy/BlockVPN/XF/Pub/Controller/LoginController.php(285): XF\Pub\Controller\LoginController->actionTwoStep()
#8 src/XF/Mvc/Dispatcher.php(362): Andy\BlockVPN\XF\Pub\Controller\LoginController->actionTwoStep(Object(XF\Mvc\ParameterBag))
#9 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'TwoStep', Object(XF\Mvc\RouteMatch), Object(Andy\BlockVPN\XF\Pub\Controller\LoginController), NULL)
#10 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(Andy\BlockVPN\XF\Pub\Controller\LoginController), NULL)
#11 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#12 src/XF/App.php(2824): XF\Mvc\Dispatcher->run()
#13 src/XF.php(814): XF\App->run()
#14 index.php(23): XF::runApp('XF\\Pub\\App')
#15 {main}

Request state
array(4) {
  ["url"] => string(15) "/login/two-step"
  ["referrer"] => string(125) "https://communications.support/login/two-step?provider=passkey&remember=1&_xfRedirect=https%3A%2F%2Fcommunications.support%2F"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(11) {
    ["_xfToken"] => string(8) "********"
    ["webauthn_payload"] => string(623) "{"id":"2s8cObTtl760u33E13tKWd06v3wa7pnYB09qPDfG2O0=","authenticatorData":"6sO4t052UU7d+MVX81ofSJ0jhlD3NHUJNufbVKi7gvkFAAAABg==","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiUmxka00xWkhObFJ6VkdoM1V6UllXRkJpYzJocVVtMWFZMnh3WjJ4YVRHSTBNVTFGU1RRMlR6VkJVelY0VTFoelUxZFRUR3BXTTFFeFdreFBVMWd4Y1VGTFpFeEtVbHA0U0RGTmRURkpSMkZ2TFVKQmJ6bE5kMUpTTUdweWFrVkpkREJTYkhnMFdXNURObGRoWm5SemN6TnBTbWd3TTBKM05GQTNaRXd3ZVZjIiwib3JpZ2luIjoiaHR0cHM6Ly9jb21tdW5pY2F0aW9ucy5zdXBwb3J0IiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ==","signature":"MEQCID8OsclhJD0XHBfvZmg6su83LWxlNiye0ITXkWOvzXoJAiAvVkugsw6qVa/YHlSTKrDZXFIGaLJmQfykdsUmNyxagA=="}"
    ["webauthn_challenge"] => string(128) "FWd3VG6TsThwS4XXPbshjRmZclpglZLb41MEI46O5AS5xSXsSWSLjV3Q1ZLOSX1qAKdLJRZxH1Mu1IGao-BAo9MwRR0jrjEIt0Rlx4YnC6Waftss3iJh03Bw4P7dL0yW"
    ["trust"] => string(1) "1"
    ["confirm"] => string(1) "1"
    ["provider"] => string(7) "passkey"
    ["remember"] => string(1) "1"
    ["_xfRedirect"] => string(31) "https://communications.support/"
    ["_xfResponseType"] => string(4) "json"
    ["_xfWithData"] => string(1) "1"
    ["_xfRequestUri"] => string(95) "/login/two-step?provider=passkey&remember=1&_xfRedirect=https%3A%2F%2Fcommunications.support%2F"
  }
}

That’s native Passkey stuff built into XenForo core, not this addon.

 

[Comsup]

That’s native Passkey stuff built into XenForo core, not this addon.

Does that mean XenForo's core is broken?

 

[digitalpoint]

Does that mean XenForo's core is broken?

The error implies a problem with the Passkey on the user’s side. You can Google the error if you want, but most probably it’s a Passkey that the user improperly restored from a backup.