twofactor_gauthenticator icon indicating copy to clipboard operation
twofactor_gauthenticator copied to clipboard

Published 20 hours ago verified publisher icon alexandregz

2 factor auth missing in settings

Open PVasileff opened this issue 3 years ago • 4 comments

I have installed Roundcube Webmail 1.4.11 and enabled twofactor_gauthenticator in roundcube/config/config.inc.php Roundcube configured to use elastic theme and after logged in and click about I see loaded plugin.

1

IF in /usr/share/roundcube/plugins/twofactor_gauthenticator/

I have moved config.inc.php.dist to config.inc.php and here is my config:

// if true ALL users must have 2-steps active
$rcmail_config['force_enrollment_users'] = false;

// whitelist, CIDR format available
// NOTE: we need to use .0 IP to define LAN because the class CIDR have a issue about that (we can't use 129.168.1.2/24, for example)
$rcmail_config['whitelist'] = array('11.22.33.44/32', '44.33.22.11');

// Admin can disable saving devices for all users (paranoid mode)
// Default: allow saving devices (true)
$rcmail_config['allow_save_device_30days'] = false;

// Make the 2-step field a masked password input type
// Default: form field will be text (false)
$rcmail_config['twofactor_formfield_as_password'] = false;


// Users allowed to use plugin (IMPORTANT: other users DON'T have plugin activated)
$rcmail_config['users_allowed_2FA'] = array('*@*');


// failure logging, suggested by @pngd (issue 131)
$rcmail_config['enable_fail_logs'] = true;

2factor authentication missing in Settings in roundcube and If i have allowed 2fa for some email account - users can loging wihtout prompt for 2fa.

If I move config.inc.php to config.inc.php.dist may used default settings in twofactor_gauthenticator.php and plugin showed up in settings ...

I want to use settings that I setting up in config php such allow_save_device_30days = false but when I move config.inc.php.dist to config.php 2fa missing in settings .. Nice recursion.

Can any help me with that?

Where I wrong ?

PVasileff avatar Mar 10 '21 22:03 PVasileff

So the problem is in

$rcmail_config['users_allowed_2FA'] = array('@');

because, when I modify it to:

$rcmail_config['users_allowed_2FA'] = array('[email protected]','[email protected]');

everithings is ok when using config.inc.php..

For login I using user@$domain.com as username - how can I allow plugin to be used from all of my domains and users that have mailboxes : ?

PVasileff avatar Mar 10 '21 22:03 PVasileff

It supports regular expressions, try defining it like this to enable it for all users and domains; $rcmail_config['users_allowed_2FA'] = array('.*@.*');

ahrain avatar Apr 11 '21 20:04 ahrain

I couldn't even make it work with $rcmail_config['users_allowed_2FA'] = array('.*@.*');

I had to do: $rcmail_config['users_allowed_2FA'] = array('.*');

And if I give a test with a specific user like this: $rcmail_config['users_allowed_2FA'] = array('[email protected]*'); it doesn't work.

I have to do this only: $rcmail_config['users_allowed_2FA'] = array('user');

meaz avatar May 14 '21 12:05 meaz