Adjust the deny access time limit with tfa email plugin for a user

Created on 2 September 2024, 3 months ago

Problem/Motivation

The TFA email plugin module was created based on the TFA issue "Create "Email one-time-code" Validation Plugin & related Setup Plugin" (Closed: outdated). The module provides an option to set a validity period for the code sent via email, allowing up to a maximum of 10 minutes (600 seconds). However, due to a restriction in the TFA module that denies access after 5 minutes from the start of the TFA process, the user is asked to log in again, even though the code remains valid beyond the 5-minute mark.

Steps to reproduce

1. Install the tfa and tfa_email_otp modules.
2. Enable TFA and select "TFA Email one-time password (EOTP)" as the Allowed validation plugin and Default Validation plugin.
3. Set the Code validity period in minutes to 10 in the TFA Email one-time password (EOTP) Validation settings.
4. Save the configuration.
5. Log in as a user with TFA enabled.
6. Send the code and wait for more than 5 minutes.
7. The user is denied access and asked to log in again.

Proposed resolution

Update this code in TfaLoginController.php to increase the time to 10 minutes, to match the email plugin's highest code validation period.

// Deny access, after 5 minutes since the start of the tfa process.
if ($updated < (time() - 300)) {
  $temp_store->delete('tfa-entry-uid');
  return $access->andIf(AccessResult::forbidden('Timeout expired.'));
}

Remaining tasks

User interface changes

API changes

Data model changes

💬 Support request
Status

Closed: duplicate

Version

1.0

Component

Code

Created by

🇦🇺 Australia Nadim Hossain
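
The mismatch described in the issue, as an added example that is not code from the TFA or tfa_email_otp modules: it derives the entry window from the configured code validity instead of a fixed 300 seconds and prints a constructed timeline. The function and constant names, the clamp between 300 and 600 seconds, and the inclusive code-validity boundary are assumptions for illustration.

```php
<?php
// Added illustration; all names below are hypothetical, not module APIs.

const TFA_ENTRY_FLOOR = 300;   // the 5-minute limit in the quoted check
const TFA_ENTRY_CEILING = 600; // the email plugin's maximum validity (10 minutes)

/**
 * Entry window in seconds for a configured code validity given in minutes.
 */
function tfa_entry_window(int $validityMinutes): int {
  $seconds = $validityMinutes * 60;
  // Assumption: never shorter than the existing limit, never longer
  // than the plugin's maximum code validity.
  return max(TFA_ENTRY_FLOOR, min($seconds, TFA_ENTRY_CEILING));
}

/**
 * Same comparison as the quoted check: expired once $updated is older
 * than the window.
 */
function tfa_entry_expired(int $updated, int $now, int $window): bool {
  return $updated < ($now - $window);
}

// Constructed timeline: TFA process started at t=0, validity set to 10 minutes.
$started = 0;
$validityMinutes = 10;
foreach ([120, 300, 301, 450, 600, 601] as $elapsed) {
  $now = $started + $elapsed;
  // Assumption: the emailed code is valid up to and including its last second.
  $codeValid = $elapsed <= $validityMinutes * 60;
  $fixed = tfa_entry_expired($started, $now, TFA_ENTRY_FLOOR);
  $derived = tfa_entry_expired($started, $now, tfa_entry_window($validityMinutes));
  printf(
    "t=%3ds code_valid=%-3s fixed_300s=%-7s derived=%s\n",
    $elapsed,
    $codeValid ? 'yes' : 'no',
    $fixed ? 'denied' : 'allowed',
    $derived ? 'denied' : 'allowed'
  );
}
```

Between 301 and 600 seconds the fixed check denies access while the code is still valid, which is the behaviour reported above. The ceiling keeps the window bounded, since the same window also limits how long a login that has only passed the first step can be resumed.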
