I've got meteor-two-factor working, it's great -- but I need to have a person be able to log in without 2FA. I've gone over this and tried a bunch of things, but it seems to me that this line in verifyCodeAndLogin on the server side

What am I missing here? Does anyone have this working? Thanks!

The following event results in an error. The normal code generation works perfectly

'click #resend-security-code'(e) {
      e.preventDefault();
      twoFactor.getNewAuthCode(error => {
        if (error) {
          bootbox.alert(error.reason);
          this.state.securityBtnCheckWaiting = false;

        }
      });
    }

Exception in delivering result of invoking 'twoFactor.getAuthenticationCode': TypeError: handlerCb is not a function

• 1. The getAuthCode user argument should be object with username or email property. Cause current way deny us to use @ in username.
• 2. Add functions/methods for more usecases - for example fire method which generate code for logged in user. So we can put just some actions behind 2way auth. Could be useful for password changes etc... too.
• 3. And also put the function which check the code directly into twoFactor server side object, so we can use it in our own methods which handle functionality behind already logged in user for functionality which need to be behind code check.

I can prepare PR if needed.

If the user reloads the Page the code is invalid. What about saving auth state in localStorage?

Hi David ,

First, thank you for your job, your 2FA plugin works great !
Since two days ago, I tried to implement the aldeed:collection2-core plugin (pretty mainstream in meteor dev...). Here's my issue :

The creation of a user works & the new schema is attached to the user.
But I'm unable to log in my account: the first login step works great, I receive the code, but the verify step give me a 403 error
Error: Invalid code [403] at [object Object].twoFactorVerifyCodeAndLogin (packages/dburles:two-factor/server.js:87:13)
So this line is:

      if (options.code !== user[fieldName]) {                                                                // 86
        throw new Meteor.Error(403, "Invalid code");                                                         // 87
      }                                                                                                                            // 88

At the end of my user schema, if I comment the last line
Meteor.users.attachSchema(Schema.User);
everything is back to normal - like a charm. But obviously, the new user schema is not attached to the user...

Any idea of what is going on ?
Help me Obi Wan Kanobi.

In details, in the Method twoFactor.verifyCodeAndLogin :

• At start:

userId : null
params : [{"user":{"email":"[email protected]"},"password":"passpass","code":"234926"}]

• the find on users return:

coll : users
func : find
selector : {"emails.address":"[email protected]"}

-the fetch on users return:

coll : users
selector : {"emails.address":"[email protected]"}
func : fetch
cursor : true
limit : 1
docsFetched : 1
docSize : 516

• then the error:

message: Invalid code [403] 
stack:
Error: Invalid code [403]
    at [object Object].twoFactorVerifyCodeAndLogin (packages/dburles:two-factor/server.js:87:13)
    at [object Object].methodMap.(anonymous function) (packages/meteorhacks_kadira.js:2731:30)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1711:12)
    at packages/ddp-server/livedata_server.js:711:19
    at [object Object]._.extend.withValue (packages/meteor.js:1122:17)
    at packages/ddp-server/livedata_server.js:709:40
    at [object Object]._.extend.withValue (packages/meteor.js:1122:17)
    at packages/ddp-server/livedata_server.js:707:46
    at Session.method (packages/ddp-server/livedata_server.js:681:23)
    at packages/meteorhacks_kadira.js:2619:38

Upgrade from 1.1.1 to 1.1.2 will cause login forbidden after sending verification code.
Login forbidden is thrown by meteor.

I downgraded to 1.1.1 and everything work like expected.

Hi again @dburles,

You helped me a month ago with a compatibility issue with aldeed:collection2-core: thanks.

Sorry for this newbie question (not an issue...), but I can't understand how on server side, allowing regular sign in.
I can't figure how to define the twoFactorEnabled property. And how to set my options?

// Optional
// Conditionally allow regular or two-factor sign in
twoFactor.validateLoginAttempt = options => {
  return !! options.user.twoFactorEnabled;
};

My idea is to allow regular login for the users who don't have a phone number (profile.phone): cause in my App, the code is sended by sms.
Can you help me?
Thanks in advance for reading me so far.

Hello! I found your package very useful, thank you for it!
But I got a problem I can't find a way to solve.

For created user instead of logginWithPassword after email and password submit I want to confirm his email for signIn:

-> I'm using getAuthCode instead of ligginWithPassword:

-> afterwards I can get user and code in sendCode:

-> then, I'm getting email with a link to my component where I can read token from route:

-> after I'm following the link where my verification component trying to veryfyAndLogin

=> but I'm getting error:

I think that selector doesn't have access to state and can't provide such data as 'user' and 'password' to login. I think that I don't understand it properly and hope on your help!

Will be glad to contact in telegram if smth.
My contacts: +375(29)182-52-97 / chelovekdrakon.

Sincerely Fiodar Morau.

Hello,

My app has 2 account types allowed:

• Google OAuth based for specific domains
• Password based where 2FA is enabled with your package.

I am trying to put some logic in validateLoginAttempt which doesn't seem to be firing based except if it is resume login attempt. Am I doing something wrong?
It also seems that Accounts.onLogin callback does not fire at all for accounts through 2FA. Is that expected?

Please let me know.

thanks !

Great stuff otherwise, thanks for putting this together !
Antoine

It seems the plugin clears the Meteor.user on page refresh. Anyone has facing this issue before?

Add client API method for canceling verification process:
IMO it has to do two things:

1. clear twoFactorCode value in the user doc (on the server)
2. reset isVerifying state

This will allow new login attempt with another account.

can create PR if help needed

When I create my custom login method I get Login Forbidden while using this package.

What could be the problem?

Hi, thanks for the great works you have done making this package.
I'd like to know if is possible to use the default Meteor.loginWithPassword in conjunction while using this package whitin a project. Actually when I try to create two different login sections, one using two-factor and one using the default Meteor login, I get a login forbidden error using Meteor.loginWithPassword.