• Resolved Narendra Sishodiya

    (@narenin)


    Hi,
    I am using premium version of this plugin, the issue I am facing is, the wp_2fa_totp_key keep changing after some time so when we try to login with TOTP code generated using the TOTP key user has during setup gives an error ‘Invalid key’. I tried to debug the code and found that this is happening because of

    if ( Open_SSL::is_ssl_available() && false !== \strpos( $key, Open_SSL::SECRET_KEY_PREFIX ) ) {

    error_log('$key'.$key);

    $key = Open_SSL::decrypt( substr( $key, 4 ) );

    /**

    * If for some reason the key is not valid, that means that we have to clear the stored TOTP for the user, and create new on

    * That could happen if the global stored secret (plugin level) is deleted.

    *

    * Lets check and if that is the case - create new one

    */

    if ( ! Authentication::validate_base32_string( $key ) ) {

    self::$totp_key = '';

    self::remove_user_totp_key( $user );

    $key = self::get_totp_key( $user );

    $key = Open_SSL::decrypt( substr( $key, 4 ) );

    }

    }

    Here we are generating the code is generating another key if the global stored secret (plugin level) is deleted. Could you please let me know why this is happening again and again.

    Due to that our team is facing issue in login to the website.

    File Path : wp-content/plugins/wp-2fa-premium/includes/classes/Admin/Methods/class-totp.php

    Line No: 414

    Screenshot : The key keeps changing automatically after some time.

Viewing 1 replies (of 1 total)
  • Plugin Contributor robertabela

    (@robert681)

    Thank you for your message and for using our plugin @narenin

    These forums are reserved to the free plugin users. Since you are using the Premium edition of the plugin please email us at [email protected] and we will get back to you as soon as possible.

    Have a great weekend.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.