[QUOTE]
I have this installed and ticked and we're still getting logins on old accounts from the spammer with compromised credentials.
[/QUOTE]
I've found some bugs where the forced email 2fa didn't reliably kick in. I should have an update out sometime soon.
- Fix "Minimum time between triggering compromised password alerts on login" operating in seconds instead of hours
- Fix cases where email 2fa would not be forced enabled on the first login request after a password is discovered as compromised
- Rename various options to be better searchable
- Adjust various option defaults to be more robust.
  - 'Minimum password length' from 8 => 10 characters
  - 'Minimum password strength' from 'very weak' to 'weak'
  - 'Pwned password...
[QUOTE]
It is just the standard email 2fa flow, that is being triggered differently
[/QUOTE]
Does it show a non-logged in user the email address for the account they are trying to log into?
[QUOTE]
No security flag has been set in the user-change log. But I see that he's had to change his pw twice today, twice yesterday, and once each day for the few days before that. The system shouldn't allow him to choose a pw that would be triggered for another change, would it?
[/QUOTE]
Any ideas? The user had to reset their pw again today.
[QUOTE]
Any ideas? The user had to reset their pw again today.
[/QUOTE]
Get them to provide a screenshot of what is prompting to reset their password. Neither this add-on nor XF automatically forces a password reset.
[QUOTE]
Get them to provide a screenshot of what is prompting to reset their password. Neither this add-on nor XF automatically forces a password reset.
[/QUOTE]
Will do.
[LIST]
[*]Error: Call to undefined method SV\PasswordTools\XF\Entity\User::canViewImsQuestions()
[*]src/addons/XenAddons/LD/Pub/Controller/Item.php:111
[*]Generated by: Unknown account
[*]June 7, 2023 at 5:10 PM
[/LIST]
[HEADING=2]Stack trace[/HEADING]
#0 src/XF/Mvc/Dispatcher.php(352): XenAddons\LD\Pub\Controller\Item->actionLatestQuestions(Object(XF\Mvc\ParameterBag))
#1 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XenAddons\\LD:It...', 'LatestQuestions', Object(XF\Mvc\RouteMatch), Object(XenAddons\LD\Pub\Controller\Item), NULL)
#2 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XenAddons\LD\Pub\Controller\Item), NULL)
#3 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#4 src/XF/App.php(2487): XF\Mvc\Dispatcher->run()
#5 src/XF.php(524): XF\App->run()
#6 index.php(20): XF::runApp('XF\\Pub\\App')
#7 {main}
[HEADING=2]Request state[/HEADING]
array(4) {
["url"] => string(32) "/link-directory/latest-questions"
["referrer"] => bool(false)
["_GET"] => array(1) {
["/link-directory/latest-questions"] => string(0) ""
}
["_POST"] => array(0) {
}
}
canViewImsQuestions is unrelated to any of my add-ons.
[CODE]
src/addons/XenAddons/LD/Pub/Controller/Item.php:111
#0 src/XF/Mvc/Dispatcher.php(352): XenAddons\LD\Pub\Controller\Item->actionLatestQuestions(Object(XF\Mvc\ParameterBag))
[/CODE]
[QUOTE]
canViewImsQuestions is unrelated to any of my add-ons.
You are often better looking at the first few lines of the stack-trace:
[CODE]
src/addons/XenAddons/LD/Pub/Controller/Item.php:111
#0 src/XF/Mvc/Dispatcher.php(352): XenAddons\LD\Pub\Controller\Item->actionLatestQuestions(Object(XF\Mvc\ParameterBag))
[/CODE]
[/QUOTE]
Yep... and as I said, I've reported it over there also. Just thought you might like to know about it.
This add-on is now available on atelieraphelion.com
- Require StandardLib v1.18.0+
- Add new "User-group for compromised passwords" option, which adds users to the selected user-group when it is detected they have a compromised password on login.
Defaults to disabled. Useful for targeting with notices