• Resolved tiznar

    (@tiznar)


    Howdy. After I enable 2FA for any other users apart from the first, admin account, I find it impossible to log into that user’s account on the normal wp-login page. I did some investigation and troubleshooting myself and I eventually found this in the browser console for the wp-login page:

    Simba TFA: form submit request tfa.js:130:3
    Simba TFA: User does not have OTP enabled: submitting form (form_type=1) fa.js:67:7

    That error is there even though I have checked and rechecked that I have the “Enabled” option selected and saved on the admin.php?page=two-factor-auth-user page. So I need your help to figure this out. Thanks!

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    I find it impossible to log into that user’s account on the normal wp-login page

    You can’t log in at all? What’s the error message that appears? Or, it just doesn’t ask you for TFA and logs you in with just a password?

    Thread Starter tiznar

    (@tiznar)

    No, I can’t log in at all. The error message that appears at the top of the page is:
    Error: The one-time password (TFA code) you entered was incorrect.

    So it doesn’t ask me for my TFA and doesn’t log me in.

    Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    Were there any other JavaScript errors in the console from any component at all? The cause of this problem when I’ve seen it before has been another component that breaks JavaScript execution.

    Can you run this SQL on your database (e.g. via phpMyAdmin or whatever database admin tool your web hosting company provides)?

    SELECT u.user_login, um.meta_key, um.meta_value FROM wp_users u, wp_usermeta um WHERE u.ID=um.user_id AND um.meta_key LIKE 'tfa%';

    And also then let me know which username is of the working user, and which of the non-working user.

    Very important:

    – In the results, you must replace the contents of any rows entitled tfa_priv_key_64, e.g. with “(replaced)”, because you don’t want to post your private key to the world. (Actually it doesn’t matter if you do because it’s encrypted in the database and so not actually the raw key, but let’s be cautious!).

    – In the query, replace wp_ both times that it occurs with the actual table prefix in your WordPress database (you can read this from your wp-config.php file).

    David

    Thread Starter tiznar

    (@tiznar)

    Sorry for the delayed response.

    Also, I’m sorry but I won’t be able to share my private keys or usernames with you. All I can say is that after running the query, all the erring accounts had:
    – tfa_algorithm_type: totp
    – tfa_enabled_tfa: 1

    And those are the same values displayed for the account for which log in works fine. Very strange.

    And no, I don’t see any other JavaScript errors in the console when I try to log in. So what else do you think could be the problem?

    Thread Starter tiznar

    (@tiznar)

    UPDATE: I think the problem is specific to Firefox, ’cause I just tried to log in right now using Chrome and Safari and they both showed me the input field for the OTP. Any tips?

    Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    Try de-activating all your add-ons in Firefox.

    Thread Starter tiznar

    (@tiznar)

    I don’t appear to have any add-ons installed, and even when I used the “Restart with Add-ons Disabled” option of Firefox, the problem still didn’t go away. Can you try it out to see if you can replicate this problem on Firefox Quantum version 64.0? Thanks.

    Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    Hi,

    That’s the browser I’m using every day.

    How about if you create a new, clean profile? Or, if you have no add-ons installed, you could reset Firefox (https://www.tomsguide.com/us/reset-firefox-howto,news-18817.html).

    We once saw a similar problem from someone who had a browser extension that auto-inserted their username and password, which is why I’m thinking it’s something in your browser (and because it doesn’t happen in another browser). If you open your developer tools to capture the XML HTTP request to which you see the ‘User does not have OTP enabled’ response, what username is in it? The time it happened before with someone’s browser extension, their extension was switching the credentials round.

    Is there anything unusual about the username? Any non-alphanumeric characters? If so, what?

    David

    Thread Starter tiznar

    (@tiznar)

    Yikes! You are absolutely right. The actual problem was that the usernames had a preceding space, and I didn’t notice that because they (and the passwords) were auto-inserted by my browser. It was when I inspected, in the browser console, the data sent in the POST request for logging in that I noticed that the username was preceded by a “+” (i.e. one of the escaped versions of a single space, another one being “%20”). Arghhhh! All this pain for the sake of a single space?! Unbelievable.

    So thanks a lot for helping me to troubleshoot this to the very end! I’ll definitely leave a review on your plugin about the awesome support you give for this plugin. Cheers mate!

    PS: Feel free to mark this thread as resolved now.

    Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    Hi,

    Great – glad you got it sorted. Thank you for the review!

    David

  • The topic ‘Unable to login with non-admin users’ is closed to new replies.
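
The check that resolved this thread, as an added example that is not part of the original posts or the plugin's code: it decodes a captured form-encoded login body and reports stray whitespace around the username, showing that "+" and "%20" both arrive as a space. The field names `log` and `pwd` are the standard wp-login.php form fields; the function name and the sample bodies are constructed for illustration.

```javascript
// Added example. Sample bodies are constructed, not captured from a real site.
const SAMPLE_BODIES = [
  'log=+alice&pwd=placeholder&wp-submit=Log+In',   // "+" encodes a space
  'log=%20alice&pwd=placeholder&wp-submit=Log+In', // "%20" encodes a space
  'log=alice&pwd=placeholder&wp-submit=Log+In',    // clean username
];

// Inspect an application/x-www-form-urlencoded body (as copied from the
// browser's network panel) for whitespace around the submitted username.
function inspectLoginBody(rawBody, userField = 'log') {
  // URLSearchParams decodes both "+" and "%20" to a literal space.
  const params = new URLSearchParams(rawBody);
  const username = params.get(userField);
  if (username === null) {
    return { found: false };
  }

  // Keep the still-encoded value so the report shows what was on the wire.
  const rawPair = rawBody.split('&').find(p => p.split('=')[0] === userField) || '';
  const rawValue = rawPair.slice(userField.length + 1);

  const trimmed = username.trim();
  return {
    found: true,
    rawValue,
    decoded: username,
    leadingWhitespace: username.length - username.trimStart().length,
    trailingWhitespace: username.length - username.trimEnd().length,
    clean: username === trimmed,
    suggestion: trimmed, // what the user most likely meant to submit
  };
}

for (const body of SAMPLE_BODIES) {
  const r = inspectLoginBody(body);
  const verdict = r.clean
    ? 'ok'
    : `stray whitespace (leading=${r.leadingWhitespace}, trailing=${r.trailingWhitespace})`;
  console.log(`${JSON.stringify(r.rawValue)} -> ${JSON.stringify(r.decoded)}: ${verdict}`);
}
```

A username that fails this check will not match the stored account in the plugin's "does this user have TFA enabled" lookup, which is the symptom reported at the top of the thread.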