Verification code not send from site

With further test, it looks like the last code sent is expired but the email is not sent because $has_token is not empty or !$has_token

• This reply was modified 2 years, 7 months ago by GeDInfo.

Hello @gedinfo

Thank you for your message and for using our plugin.

I am sorry to read about your problem. This seems to be more of a specific browser problem though, considering you have no problems with Opera and Edge browser.

Is the problem reproducible if for example, you use Chrome in Incognito mode?

Looking forward to hearing from you.

Hi Robert,

yes we tried everything we could.
With even further tests, we have replicated the problem with all the browsers.
For what i can see and understand OTP doesn’t expire if not used, so $has_expired is valid and the email is not sent. Maybe this problem can be solved just adding a label with “You have already created a validation code, if you lost it click on resend code” or something like that?

Thank you for your reply
Alessio

Hello Alessio,

I am sorry, but I did not understand your answer. What do you mean by you managed to replicate the problem with all the browsers? Do you mean that now you are not being sent an activation code each time you log in with any browser?

In regards to adding a label to resend code, correct, codes over email do not expire unless they are used, and when you try to log in and you have 2FA over email configured, you do have a button to resend a code, as highlighted in this screenshot: https://imgur.com/a/9qD4tgm

Hi Robert,

sorry for the late reply.
Yes, I’ve replicated the problem with all the browsers. But now I know is not a bug per se, but it’s something done with a logic.

My problem is that I use your plugin in some of my clients’ site, so when they don’t receive the code, they write to me looking for a solution.

I think my problem can be resolved with a more detailed label when the code is not send while the page is navigate and the code was already generated but never used.

In shorts I’m changing my ticket from bug to suggestion

Thank you,
Alessio

Hello @gedinfo

Thank you for your suggestion, however, I’m afraid I didn’t understand what the suggestion is exactly. Can you please elaborate?

A quick note about email issues; so far whenever we’ve handled support tickets related to codes over emails the issues were always related to email deliverability issues. Emails either end up in spam, or there is some misconfiguration with the server. When it comes to emails there are several different point of failures that can be causing these issues.

The easiest way to troubleshoot email issues is to install the Email Log plugin and check the email log whenever a user has a problem. If you can see the email in the log, there is not much more we can do because the plugin is sending the email. In such cases you need to check the spam folder, SMTP server logs etc.

Looking forward to hearing from you.

Hi Robert,

we tested and checked the email log and we are sure the email is not even sent from the site.

For my suggestion, I’ve looked inside the plugin’s code and, for what I can understand, I saw the email with che confirmation code is not sent if the last code generated is not used. I was wondering if you can check and write on video if the confirmation code was created before and still valid since the email is not sent in this scenario.

For example:
If I try to log in today, but for some reason I generate the confirmation code but don’t use it (maybe because I don’t need to login anymore). When I try to log in the next day, since the confirmation code was already generated yesterday, the email with the code will not be sent. In this case I think you can add some text with “The confirmation code is already be generated, check your email o click on the ‘resend’ button”

I know it sound crazy, but this scenario already happened a few times with some of our clients

I hope I was clearer this time (English not my first language)

Thank you,
Alessio

Hello Alessio,

Thank you for the clarification.

Indeed, the only situation when the plugin does not send an email is when you try to log in, and a code has already been sent because someone tried to log in earlier, yet never used that code. This is by design – it’s how HOTP works, hence why we have added the “Resend Code” button.

It is not a crazy scenario, these things happen. We will see how to better address this. Ideally we do not want to disclose that a code has already been sent – in security, the less you disclose the better. We can add a setting for administrators too – so they can configure for how long is a code valid. Would that work for you?

By the way, you can always use the whitelabeling options to change the text of the 2FA code page and add a note such as “If you have not received an email with the code, please click the Resend Code button” or something similar.

We will surely looking into how we can make this more user-friendly, however, I am glad that this was not actually a technical problem.

Please let me know if you need further assistance from our end.

Hi Robert,

your solution sounds perfect to me, I’m looking forward to see it implemented in your plugin!

Thank you for you help and time, I’ll mark this ticket as resolved (brilliantly)

Have a nice day,
Alessio

I’m glad this issue has been ironed out Alessio.

Please don’t forget to spare a minute to rate our plugin and service – these rating and reviews really help the plugin and us.

Thank you very much and have a great day.