Two Factor Authentication enabled. User is brought to User Management page after login

SuiteCRM version 7.10.4

Two Factor Authentication is enabled for a user. After logging in and submitting the verification code, he is brought to the User Management page instead of the Dashboard page.

Is this a bug?

I guess.

Maybe you can open an Issue on GitHub with this. Thanks for reporting.

This was reported 7 months ago on
https://suitecrm.com/suitecrm/forum/suitecrm-7-0-discussion/18965-two-factor-authentication-enabled-user-is-brought-to-user-management-page-after-login

and I am now facing a similar issue.

I have just installed a fresh SuiteCRM 7.10.11 on Debian 9.

When I activated two-factor authentication, users were thereafter directed to their profile page (not the Edit view, just the normal view) upon login.

They can still go to the home page, but it takes an extra click and I’d rather they started on their Home Page.

Now here’s the twist: I disabled two-factor authentication for the user (as a test) and they still go to the Profile page on login. They did NOT do that before.

Was this issue previously addressed and solved?

The link you gave is to this same thread :)

By “reporting” I mean on GitHub, otherwise the developers won’t see it.

Not one of my more genius moves, posting the same link, …

It has been posted to GitHub and that is the link I meant to use here:
https://github.com/salesagility/SuiteCRM/issues/5836

Unfortunately that link is marked “Low Priority Bug” so I do not expect any quick action on it by the dev team.

So, in the meantime, does anyone know if there is a way - until this gets resolved by the dev team - that I can use some kind of logic_hook to force the system to take a user to the Home page after login? (If so, please be specific; I am not all that familiar with the coding of SuiteCRM but I am familiar with PHP, … so if you tell me what to do I can do it.)

Have you set up XDEBUG and an IDE so you can debug SuiteCRM? This would probably take you quickly to the point where the redirect is happening.

You can also have a look at both your logs; maybe there is a clue in there. Maybe it is only redirecting due to some warning condition.

I have used an IDE (assuming you mean Integrated Development Environment) before but never with the framework used by Sugar, so I am not really in a good position to go very far without some pretty specific suggestions like "… put this code there …"

I am trying to figure it out myself but the framework is really “fun” to learn …

I did do a grep search for any file that contained the text “after_login” and got:

    grep -rn "after_login" .
    ./custom/modules/Users/logic_hooks.php:7:$hook_array['after_login'] = Array();
    ./custom/modules/Users/logic_hooks.php:8:$hook_array['after_login'][] = Array(1, 'SugarFeed old feed entry remover', 'modules/SugarFeed/SugarFeedFlush.php','SugarFeedFlush', 'flushStaleEntries');
    ./install/install_utils.php:2175:    check_logic_hook_file('Users', 'after_login', array(1, 'SugarFeed old feed entry remover', 'modules/SugarFeed/SugarFeedFlush.php', 'SugarFeedFlush', 'flushStaleEntries'));
    ./service/v3/SugarWebServiceImplv3.php:136:            $current_user->call_custom_logic('after_login');
    ./service/v3_1/SugarWebServiceImplv3_1.php:422:            $current_user->call_custom_logic('after_login');
    ./service/core/SugarWebServiceImpl.php:595:        $current_user->call_custom_logic('after_login');
    ./service/v4/SugarWebServiceImplv4.php:152:            $current_user->call_custom_logic('after_login');
    ./modules/Users/authentication/AuthenticationController.php:158:                $GLOBALS['current_user']->call_custom_logic('after_login');
    ./modules/SugarFeed/views/view.adminsettings.php:80:            check_logic_hook_file('Users', 'after_login', array(1, 'SugarFeed old feed entry remover', 'modules/SugarFeed/SugarFeedFlush.php', 'SugarFeedFlush', 'flushStaleEntries'));
    ./modules/SugarFeed/AdminSettings.php:55:    check_logic_hook_file('Users', 'after_login', array(1, 'SugarFeed old feed entry remover', 'modules/SugarFeed/SugarFeedFlush.php', 'SugarFeedFlush', 'flushStaleEntries'));
    ./include/utils/LogicHook.php:62: * after_login
    ./soap/SoapSugarUsers.php:167:        $current_user->call_custom_logic('after_login');

so I will try going through those to see if there is a spot to alter code, but any suggestions are also appreciated.

That after_login grep is not a good way to approach this, I’m afraid. That’s a logic hook, but logic hooks are an extension mechanism; the 2-factor auth code is core code, so it’s not using that mechanism (I didn’t check, but it’s a safe guess).

If you do attempt to set up an IDE (like PhpStorm or Eclipse) and XDEBUG, I would say that is a high-investment, high-payoff option. It will give you some work to get things working, but then the rewards are tremendous.

Are you running SuiteCRM from your PC (just as a demo), or on a server?

This file looks like the place to debug, and there are lots of mentions of redirects:

https://github.com/salesagility/SuiteCRM/blob/master/modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php

I did look at the file and I tried, but I cannot figure out where the redirect is being generated, nor where I make edits to override it.

I did confirm that the redirect to the User module is due to the use of Two-Factor authentication.

And I did confirm what you said, that the after-login hook in the custom/modules/Users directory does not work to override the redirect to the User module.

But I do not know where to intercept/override the redirect caused by the use of Two-factor authentication.

If anyone has some suggestions, I’d appreciate it.

I don’t know this part of the code, and don’t have time to go into it now, sorry. It doesn’t look too complicated to find out with a debugger stepping through the code - just see where it goes. But I admit that for non-developers (or non-debugger developers, a strange breed) this might be hard to tackle…

Having just spent 3 hours stepping through the code, and not finding what I was looking for, for me at least, it is not easy.

In SugarAuthenticate.php there is a comment that says:

    /**
     * This file is used to control the authentication process.
     * It will call on the user authenticate and controll redirection
     * based on the users validation
     *
     */

and I looked for every instance of redirect contained in that file and found (line 458):

    /**
     * pre_login
     *
     * This function allows the SugarAuthenticate subclasses to perform some pre login initialization as needed
     */
    public function pre_login()
    {
        if (isset($_SESSION['authenticated_user_id'])) {
            ob_clean();
            // fixing bug #46837: Previosly links/URLs to records in Sugar from MSO Excel/Word were referred to the home screen and not the record
            // It used to appear when default browser was not MS IE
            header("Location: ".$GLOBALS['app']->getLoginRedirect());
            sugar_cleanup(true);
        }
    }

but that seemed specific to a previous issue with the IE browser.

So I am no further ahead.

If anyone can figure this out, please chime in.