2FAuth
WebAuthn account recovery and password recovery doesn't work. Email template broken.
Version
5.0.3
Details & Steps to reproduce
- In settings activate WebAuthn (I tested with Android device added)
- Open an incognito window and simulate having lost your device. Ask for a recovery link
- The recovery link will open the recovery page; insert your password and try to log in
- Nothing happens when pressing continue.
Expectation
I expect to log in after following the lost-device procedure. The screenshot shows the recovery page, but after inserting the password WebAuthn is still active and it is still not possible to log in.
Error & Logs
no logs
Execution environment
Date: Thu, 15 Feb 2024 14:40:52 +0000
userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
Version: 5.0.3
Environment: production
Install path: /
Debug: false
Cache driver: file
Log channel: daily
Log level: notice
DB driver: mysql
PHP version: 8.2.15
Operating system: Linux
interface: fpm-fcgi
Auth guard: web-guard
webauthn user verification: preferred
Trusted proxies: none
Additional information
Cannot test in the demo :-)
The issue is just the email template. I don't know why, but when I recover a password or try to recover access because of a lost device, I get two emails with a broken template and the wrong link. From those emails I'm now able to fix the link so that it is correct and works.
What email I get:
<:message style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; position: relative;"> # Hello! You are receiving this email because we received an account recovery request for your account. <:button :url="$actionUrl" :color="$color" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; position: relative;"> Recover Account This recovery link will expire in 60 minutes. If you did not request an account recovery, no further action is required. Regards,
2FAuth If you're having trouble clicking the "Recover Account" button, copy and paste the URL below into your web browser: [https://something.domain.ext//webauthn/recover?token=123456&email=emailaddress%40domain.ext](https://something.domain.ext//webauthn/recover?token=123456&email=emailaddress%40domain.ext)
The link will be:
https://something.domain.ext//webauthn/recover?token=123456&email=emailaddress%40domain.ext](https://something.domain.ext//webauthn/recover?token=123456&email=emailaddress%40domain.ext)
So I just need to fix this link by removing the duplicate link and the [ ( and then the link works. The issue is present in reset password and also in the WebAuthn lost device reset.
I don't know why the email is not well formatted and I don't know how to help fix this. Are you able to reproduce?
No response
This is really weird... I struggle to understand why this is happening while I stick to most Laravel default for this feature.
> This is really weird... I struggle to understand why this is happening while I stick to most Laravel default for this feature.
Are you able to reproduce?
Yes I do. I already made several tests/changes to fix it but nothing worked.
You may try to ask here and see if someone replies. Unfortunately I'm unable to help; I tried to look at this issue as well, even though I'm not a developer :P, but was not able to figure it out.
Got it! This is due to a directive introduced by Laravel v7 that breaks email rendering since v9. Removing the directive restores email formatting. Will push a fix asap.
Updated to 5.0.4, but nothing changed for me. Still receiving <:message style="... emails. Is it just me?
Yes, it seems it's only you; for me everything works. Have you cleaned the cache? Have you also checked if the changes have been applied to your install? You just need to have a line removed as shown here: https://github.com/Bubka/2FAuth/commit/f2d4c43239fd79fcf919b46f8925c35e72f8f1e2
> Have you cleaned the cache? Have you also checked if the changes have been applied to your install?
Yes and yes. I have upgraded according to the upgrade instruction. Also have restarted my Apache server. Still the same problem. By the way, my email provider is MS Outlook
Very strange because the fix works for me. What PHP version are you running? Have you checked and the fix is present in your installation?
It feels strange that the fix is not working for you, as everything seems fine and I don't think Outlook can cause an issue with that email.
> What PHP version are you running?
PHP 8.1.2-1ubuntu2.14
> Have you checked and the fix is present in your installation?
Yes, app/Providers/AppServiceProvider.php is updated
I don't know, then. I tested for you a few minutes ago but the issue is fixed for me. Sorry, I have no idea what can be the cause on your install to still have the old issue.
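The symptoms reported in this thread (raw `<:message` / `<:button` tags, an unexpanded `$actionUrl`, and a link followed by `](`) can be checked mechanically on a captured recovery mail, for instance as a smoke test after an upgrade. This is an added example, not part of the thread or of 2FAuth's code; the sample bodies are constructed from the mail quoted above and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the broken mail quoted in the thread.
BROKEN_BODY = (
    '<:message style="position: relative;"> # Hello! You are receiving this '
    'email because we received an account recovery request for your account. '
    '<:button :url="$actionUrl" :color="$color"> Recover Account '
    '[https://something.domain.ext//webauthn/recover?token=123456'
    '&email=emailaddress%40domain.ext]'
    '(https://something.domain.ext//webauthn/recover?token=123456'
    '&email=emailaddress%40domain.ext)'
)

# Constructed sample of a mail whose template was rendered to HTML.
GOOD_BODY = (
    '<p>Hello!</p><a href="https://something.domain.ext//webauthn/recover'
    '?token=123456&email=emailaddress%40domain.ext">Recover Account</a>'
)

# Markers of a template that reached the mailbox without being compiled.
MARKERS = {
    "raw component tag": re.compile(r"<:\w+"),
    "unexpanded attribute": re.compile(r':\w+="\$\w+"'),
    "markdown link syntax": re.compile(r"\]\(https?://"),
}
# A URL ends at whitespace, a quote, an angle bracket, or the ']' / ')' of
# leftover markdown link syntax.
URL_RE = re.compile(r"https?://[^\s\]\)\"'<>]+")


def find_render_defects(body: str) -> list[str]:
    """Return the names of the rendering defects present in a mail body."""
    return [name for name, rx in MARKERS.items() if rx.search(body)]


def recovery_links(body: str) -> list[str]:
    """Return each distinct URL once, without the surrounding '[', ']', '(' or ')'."""
    links = []
    for url in URL_RE.findall(body):
        if url not in links:
            links.append(url)
    return links


if __name__ == "__main__":
    for label, body in (("broken", BROKEN_BODY), ("rendered", GOOD_BODY)):
        print(label, find_render_defects(body), recovery_links(body))
```

An empty defect list on a freshly requested recovery mail indicates that the template is being rendered; a non-empty one on an upgraded install shows that the mail is still being generated without template compilation.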