'Failed to create a login nonce' notification

[mikolajek]

Hi there, today, out of the blue, my site with Two-Factor 0.7.3 installed started to display the "Failed to create a login nonce" notification. I'm running WP 6.1.1 and it seems to me the latest WP upgrade (6.1 => 6.1.1) might have caused this, as I made no changes to the config myself.

I disabled the plugin by renaming its folder, but in this case, I can't log in either. The login screen just keeps refreshing and gets back to the credentials screen. Is there a way to disable the plugin and get to the WP admin screen?

BTW - I have no cache plugin and clearing just the browser cache doesn't work...

[pkevan]

Duplicate of: https://wordpress.org/support/topic/failed-to-create-a-login-nonce-message/

[mikolajek]

Duplicate of: https://wordpress.org/support/topic/failed-to-create-a-login-nonce-message/

Correct, but no response in either place... :P

[kasparsd]

I haven't been able to replicate this with plugin version 0.7.3 and WP 6.1.1.

@mikolajek Which of the two-factor methods do you have enabled and which one is selected as the default?

[kasparsd]

There are three code paths where this error message is returned:

two-factor/class-two-factor-core.php

Lines 549 to 552 in b67c7da

	$login_nonce = self::create_login_nonce( $user->ID );
	if ( ! $login_nonce ) {
	wp_die( esc_html__( 'Failed to create a login nonce.', 'two-factor' ) );
	}

two-factor/class-two-factor-core.php

Lines 896 to 904 in b67c7da

	if ( true === $provider->pre_process_authentication( $user ) ) {
	$login_nonce = self::create_login_nonce( $user->ID );
	if ( ! $login_nonce ) {
	wp_die( esc_html__( 'Failed to create a login nonce.', 'two-factor' ) );
	}
	self::login_html( $user, $login_nonce['key'], $_REQUEST['redirect_to'], '', $provider );
	exit;
	}

two-factor/class-two-factor-core.php

Lines 906 to 917 in b67c7da

	// Ask the provider to verify the second factor.
	if ( true !== $provider->validate_authentication( $user ) ) {
	do_action( 'wp_login_failed', $user->user_login, new WP_Error( 'two_factor_invalid', __( 'ERROR: Invalid verification code.', 'two-factor' ) ) );
	$login_nonce = self::create_login_nonce( $user->ID );
	if ( ! $login_nonce ) {
	wp_die( esc_html__( 'Failed to create a login nonce.', 'two-factor' ) );
	}
	self::login_html( $user, $login_nonce['key'], $_REQUEST['redirect_to'], esc_html__( 'ERROR: Invalid verification code.', 'two-factor' ), $provider );
	exit;
	}

[mikolajek]

Thanks, @kasparsd! I use Yubikey as the default method and emailed OTP as the backup one.

A question - does this plugin puts any references to other code? I mean if I remove it via FTP, do I have to make any other changes in my WP?

[dd32]

I disabled the plugin by renaming its folder, but in this case, I can't log in either. The login screen just keeps refreshing and gets back to the credentials screen. Is there a way to disable the plugin and get to the WP admin screen?

A question - does this plugin puts any references to other code? I mean if I remove it via FTP, do I have to make any other changes in my WP?

No, renaming the plugin folder would've completely removed the plugin from the system.

This issue sounds like an issue of using an Object Cache, PHP Code cache, and/or cookie problem.. @mikolajek Did you find anything to resolve this? I'm tempted to close this issue unless some more information can be provided.