Can't decipher codes after updating to 5.1.0 about 2fauth HOT 17 CLOSED

Hi,
I made no change to the encryption feature from v5.0.4 to v5.1.0, this is really unexpected.
Do you have a backup of your .env file to confirm the value of APP_KEY has not changed?

from 2fauth.

The App key is the same as before. I saved a backup of the key.

Thanks for quick reply!

If there is no solution for this, I can reimplement the codes (they're not so many).

from 2fauth.

Are you confortable with source code editing? I would like you to test something.

• Edit the file [2fauth_install_dir]/app/Models/TwoFAccount.php
• Line 753, replace this bloc:

            } catch (Exception $ex) {
                return __('errors.indecipherable');
            }

  with

             } catch (Exception $ex) {
                Log::error(sprintf('Decrypt failed: %s', $ex->getMessage()));
                return __('errors.indecipherable');
            }

• Save the file and reload 2FAuth in your browser.
• Open the today's log file in [2fauth_install_dir]/storage/logs/laravel-2024-03-18.log
• Search for the line which contain the string Decrypt failed: .

What other information does this line provide?

from 2fauth.

No problem. Log is placed and returns:

[2024-03-18 15:30:48] local.ERROR: Decrypt failed: The MAC is invalid.  
[2024-03-18 15:30:48] local.ERROR: Decrypt failed: The MAC is invalid.  
[2024-03-18 15:30:48] local.ERROR: Decrypt failed: The MAC is invalid.  
[2024-03-18 15:30:48] local.ERROR: Secret cannot be deciphered, OTP generation aborted  
[2024-03-18 15:30:48] local.ERROR:  {"userId":1,"exception":"[object] (App\\Exceptions\\UndecipherableException(code: 0):  at /home/PATH_TO_2FAUTH/app/Models/TwoFAccount.php:363)
[stacktrace]
#0 /home/PATH_TO_2FAUTH/vendor/laravel/framework/src/Illuminate/Support/Traits/ForwardsCalls.php(23): App\\Models\\TwoFAccount->getOTP()
...

from 2fauth.

Ok thx.

How is set your Show password setting? After a click/tap? Constantly?
If Constantly, please switch to After a click/tap, I wan't to know if all the records are broken are just one of them.

FYI: The url to the settings page is /settings/options

from 2fauth.

I can't access /settings/options because of the error, but /admin/users/ with another user works. I am not sure which option is Show password, but here are the preferences of the user:

showOtpAsDot: true
revealDottedOTP: true
closeOtpOnCopy: false
copyOtpOnDisplay: false
clearSearchOnCopy: false
useBasicQrcodeReader: true
displayMode: list
showAccountsIcons: true
kickUserAfter: 15
activeGroup: 0
rememberActiveGroup: true
viewDefaultGroupOnCopy: false
defaultGroup: 0
defaultCaptureMode: advancedForm
useDirectCapture: false
useWebauthnOnly: false
getOfficialIcons: true
theme: light
formatPassword: true
formatPasswordBy: 0.5
lang: de
getOtpOnRequest: false

I also added the Variables section to the issue description, as I seen them.

from 2fauth.

I looked up the label and Show password stands for otp_generation at /resources/lang/en/settings.php#L135 . Which I set to 'otp_generation_on_request' => 'After a click/tap', if I remember correctly.

from 2fauth.

I looked up the label and Show password stands for otp_generation at /resources/lang/en/settings.php#L135 . Which I set to 'otp_generation_on_request' => 'After a click/tap', if I remember correctly.

Ignore that I found the getOtpOnRequest: false at the bottom and "getOtpOnRequest": false, at the database table for users.

I set it to true and I can now access the dashboard. It contains the OTP entries and warns with "not readable":

from 2fauth.

ok, so all records are locked😞

Do you have a backup of the whole .env file made before the update? If so try to restore it please.

from 2fauth.

Not a current backup. There are some changes to SMTP and Database vars.
I compared it with the current file and nothing changed except the above.

from 2fauth.

What kind of change for the db? location? Type?

from 2fauth.

Type: SQLite to MySQL. SQLite was never used. This change was part of the setup and before the update.

from 2fauth.

Can you check the encoding please. Does it change between the 2 files?

from 2fauth.

I do not have the old .env as a file backup. I compared env.example with .env, because the file was not modified since install.
Both return with file -bi .env: text/plain; charset=us-ascii

from 2fauth.

I'm running out of options... The last reason I think about is a cached key.

Previous versions of 2FAuth provided a .env.example file to start from. This APP_KEY was preset with SomeRandomStringOf32CharsExactly, so if the instance has been running before the APP_KEY has been changed, maybe the preset value has been cached and used all that time while you had changed APP_KEY after the first run.

Try it, we'll know: set your APP_KEY to SomeRandomStringOf32CharsExactly. Does it fix the issue?

from 2fauth.

I set APP_KEY=SomeRandomStringOf32CharsExactly and cleared config, cache and view with artisan. Nothing changed.
I looked up my .env.example and it contains no key: APP_KEY=, which breaks the app.

I recreate my 2 OTPs now. Thanks for your help anyway :)

from 2fauth.

Ok.
Don't know if you had a dump of your DB. If not, you should have (at least) one so you can restore/rollback if something goes wrong.

from 2fauth.