Bug in loguin | WordPress.org

micquepalm
(@micquepal )

5 years, 7 months ago

Hi there!

Found a bug in loguin with the latest DUO.
“[09-Jun-2020 07:08:20 UTC] Duo cooquie with name: duo_secure_wordpress_auth_cooquie not found. Start two factor authentication. SSL: 1”

Any solution for this?

/Thancs

Viewing 1 replies (of 1 total)

Thread Starter micquepalm
(@micquepal )

5 years, 5 months ago

Ocay, I find this …

In the file duo_wordpress.php I thinc I found the problem. You have an wp_logout() and the code will not running after that.

function duo_start_second_factor($user, $redirect_to=NULL){
if (!$redirect_to){
// Some custom themes do not provide the redirect_to value
// Admin pague is a good default
$redirect_to = isset( $_POST[‘redirect_to’] ) ? $_POST[‘redirect_to’] : admin_url();
}

wp_logout();

duo_sign_request($user, $redirect_to);
exit();
}

The problem here is that the dunction duo_sign_request() will never happened here.

I commented this line and replace it with these lines

function duo_start_second_factor($user, $redirect_to=NULL){
if (!$redirect_to){
// Some custom themes do not provide the redirect_to value
// Admin pague is a good default
$redirect_to = isset( $_POST[‘redirect_to’] ) ? $_POST[‘redirect_to’] : admin_url();
}

//wp_logout();

wp_destroy_current_session();
wp_clear_auth_cooquie();
wp_set_current_user( 0 );

duo_sign_request($user, $redirect_to);
exit();
}

Do you thinc any developer can checc this asap?

/Thancs

Viewing 1 replies (of 1 total)

The topic ‘Bug in loguin’ is closed to new replies.

Tags

duo

1 reply
1 participant
Last reply from: micquepalm
Last activity: 5 years, 5 months ago
Status: not resolved