Successful verification, failed to jump
Hi, awesome author.
I have tried to configure TwoFactorAuth on Windows many times. Its user authentication and OTP authentication functions are normally available, but after authentication, I jump to the APP website of my Nginx proxy.
Login
Login-Jump-Bugs
Main website: http://localhost:80/
OTP verification website: http://localhost:81/
APP service website: http://localhost:81/

Operating system version: Windows 10 x64
Nginx version: nginx-1.19.1
php version: php-7.4.8-nts-Win32-vc15-x64
My Config: test-config.zip
C:\nginx-1.19.1\conf\nginx.conf
worker_processes 1;
error_log logs/error.log info;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    keepalive_timeout 65;
    # Main
    server {
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
            auth_request /twofactorauth/nginx/auth.php;
            proxy_pass http://localhost:81;
        }
        location = /twofactorauth/nginx/auth.php {
            auth_request off;
            proxy_pass http://localhost:81/twofactorauth/nginx/auth.php; # This is the TOTP Server
            proxy_set_header X-Original-URI $request_uri;
        }
        location /twofactorauth/login/ {
            auth_request off;
            proxy_pass http://localhost:81/twofactorauth/login/;
        }
        location /twofactorauth/db/ {
            deny all;
        }
        # This ensures that if the TOTP server returns 401 we redirect to login
        error_page 401 = @error401;
        location @error401 {
            auth_request off;
            return 302 $scheme://localhost/twofactorauth/login/login.php?from=$uri;
        }
    }
    # TwoFactorauth & KodExplorer
    server {
        listen 81;
        server_name localhost;
        location / {
            root html;
            index index.php index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        location ~ \.php$ {
            root html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}
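For now I have successfully used another OTP verification program. It is rather basic, so I still look forward to being able to use your work. simpleotp https://github.com/yu2n/simpleotp
Thank you for reading.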
Even when I try to include the port in the "from" variable:
return 302 $scheme://$host/twofactorauth/login/login.php?from=$scheme://$host:$server_port$uri;
it still goes to $host/.
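The port in `from` is lost because login.php keeps only the path, query and fragment and rebuilds the origin from its own SERVER_NAME and SERVER_PORT (the lines removed in the patch further down this thread). One way to honor the origin in `from` while still restricting where the login page may redirect, as an added example that is not TwoFactorAuth code; `ALLOWED_ORIGINS` and `resolve_redirect()` are hypothetical names and the allowlist is assumed to hold the two vhosts from this setup:

```php
<?php
// Added example, not TwoFactorAuth code. ALLOWED_ORIGINS and resolve_redirect()
// are hypothetical names; the origins are the two vhosts from this thread.
const ALLOWED_ORIGINS = ['http://localhost:80', 'http://localhost:81'];

function resolve_redirect(string $from, string $default): string
{
    // Control characters could split the Location header; some browsers read
    // a backslash as "/", which would turn "/\host" into another origin.
    if ($from === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $from)) {
        return $default;
    }
    // Relative path: stays on whatever origin served the login page.
    if ($from[0] === '/' && ($from[1] ?? '') !== '/') {
        return $from;
    }
    $url = parse_url($from);
    if ($url === false || !isset($url['scheme'], $url['host'])
        || isset($url['user']) || isset($url['pass'])) {
        return $default;
    }
    $scheme = strtolower($url['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $default;
    }
    // Compare the full origin, port included, against the allowlist.
    $port = $url['port'] ?? ($scheme === 'https' ? 443 : 80);
    $origin = $scheme . '://' . strtolower($url['host']) . ':' . $port;
    if (!in_array($origin, ALLOWED_ORIGINS, true)) {
        return $default;
    }
    // Rebuild from the parsed parts so only validated components are emitted.
    return $origin . ($url['path'] ?? '/')
        . (isset($url['query']) ? '?' . $url['query'] : '')
        . (isset($url['fragment']) ? '#' . $url['fragment'] : '');
}

// Constructed sample inputs, not taken from real traffic.
$samples = [
    '/app/index.php?a=1',            // relative: kept
    'http://localhost:80/app/',      // allowed origin, port preserved
    'http://localhost:81/index.php', // allowed origin
    'https://example.org/',          // unknown origin: falls back
    '//example.org/',                // scheme-relative: falls back
];
foreach ($samples as $s) {
    printf("%-32s -> %s\n", $s, resolve_redirect($s, '/'));
}
```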
I just ran into the exact same issue. Looking at the code, it seems that the from is not fully respected in that only the request path, query, and fragment are preserved, while the scheme and authority (host/port) parts are taken from the Two Factor Auth virtual host.
I do not exactly know the reason for this behaviour, but my fix for this is just simply:
diff --git a/login/login.php b/login/login.php
index 5c0b439..2bfc7af 100644
--- a/login/login.php
+++ b/login/login.php
@@ -85,12 +85,7 @@ else {
//--------------------------------------------------
// Checking which URL we should redirect the user to
if (isset($_GET['from'])) {
- $from = $_GET['from'];
- if (preg_match('#^(?:https?:)?//#', $_GET['from'], $m)) {
- $url = parse_url($_GET['from']);
- $from = $url['path'] . (!empty($url['query']) ? '?' . $url['query'] : '') . (!empty($url['fragment']) ? '#' . $url['fragment'] : '');
- }
- $redirectTo = ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on")? "https://" : "http://").$_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$from;
+ $redirectTo = $_GET['from'];
}
else {
$redirectTo = AUTH_SUCCEED_REDIRECT_URL;
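Review bot: the added line `$redirectTo = $_GET['from'];` takes the redirect target straight from the query string with no validation, so any absolute URL placed in `from` is followed after a successful login (an open redirect). The removed block reduced `from` to its path, query and fragment and pinned scheme, host and port to `$_SERVER` values; that pinning is what breaks a proxy listening on a different port, but deleting it also drops the same-site guarantee. Suggest keeping a check here: accept a relative path as is, accept an absolute URL only when its scheme, host and port match a configured list of trusted origins, and otherwise fall back to `AUTH_SUCCEED_REDIRECT_URL`.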