Shared Login with OTP

hugo

I´m testing sharing login link, and when I open it the TOTP wont work, stay freeze on "Hover.."

hugo

error when loads the page

hugo

error when mouseover on "Hover..

wrongecho

Does the OTP show on the tech portal when you hover?

Can you share the string you're inputting into the OTP login entry field? *If you're not comfortable sharing, the format should be as per the secret key here: https://totp.danhersam.com/

hugo

yes, work normal on tech portal… only on shared link give me these errors…

and the otp is generating numbers ok, validated the login with it

hugo

tested puting my key in this site, it works too, I've validated generated numbers login in ( its a microsoft 365 account )

wrongecho

Are you able to reproduce on the demo?

Seems OK for me: https://demo.itflow.org/guest_view_item.php?id=20&key=Axjif5MefhdHjaCFLrTTBI3h1AHcLy5TkIJoCuzaHVCDER7vgrdc0v6PClEcTihQtES5uQj89iVomq6LXdiJ9t0V1ALt3DBkWm9riSTHeWQafUdOY3wMxZWVAqwfPmZm2QzjWcgEV15VXVp37AT6UjQ9cs9g&ek=5zRAskAI1RPcbHLz

hugo

same problem…
with edge and chrome

wrongecho

~~Oh, Firefox seems to be fine but Chrome fails. Interesting..~~

wrongecho

Correction, this works if you are logged into the client portal - browser plays no role. I am able to reproduce, thank you 🙂

It seems this file was edited to point to ajax.php to decode the OTP using the secret. We need to move this to point to a publicly accessible ajax endpoint instead.

I think here is when it was changed: itflow-org/itflow3bd8842

wrongecho

Sorry for the delay. itflow-org/itflow917 should patch this.

johnny

Pulling this in Thanks for the fix @wrongecho