Okay, I find this …
In the file duo_wordpress.php I think I found the problem. You have a wp_logout() and the code will not run after that.
    function duo_start_second_factor($user, $redirect_to=NULL){
        if (!$redirect_to){
            // Some custom themes do not provide the redirect_to value
            // Admin page is a good default
            $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : admin_url();
        }
        wp_logout();
        duo_sign_request($user, $redirect_to);
        exit();
    }
The problem here is that the function duo_sign_request() will never happen here.
I commented out this line and replaced it with these lines:
    function duo_start_second_factor($user, $redirect_to=NULL){
        if (!$redirect_to){
            // Some custom themes do not provide the redirect_to value
            // Admin page is a good default
            $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : admin_url();
        }
        //wp_logout();
        wp_destroy_current_session();
        wp_clear_auth_cookie();
        wp_set_current_user( 0 );
        duo_sign_request($user, $redirect_to);
        exit();
    }
Do you think any developer can check this asap?
/Thanks