? ? ? Pending

User tests: Successful: 2 Murat75, eXsiLe95 Unsuccessful: 0

avatar wilsonge
wilsonge
23 Aug 2017

Moves the encryption libraries to the Joomla Namespace and removes FOF. Note as I've changed the functions to use native PHP functions rather than also porting FOFUtilsPhpfunc I've deliberately not classmapped the FOF classnames as there are b/c breaks

Testing

Check 2FA works before and after PR

avatar joomla-cms-bot joomla-cms-bot - change - 23 Aug 2017
Category Administration com_admin com_users Repository SQL Installation Postgresql Language & Strings Libraries External Library
avatar wilsonge wilsonge - open - 23 Aug 2017
avatar wilsonge wilsonge - change - 23 Aug 2017
Status New Pending
avatar wilsonge wilsonge - change - 23 Aug 2017
Labels Added: ? ?
avatar infograf768 infograf768 - change - 23 Aug 2017
Title
Remove FOF From Joomla Core
[4.0] Remove FOF From Joomla Core
avatar infograf768 infograf768 - edited - 23 Aug 2017
avatar wilsonge wilsonge - change - 23 Aug 2017
The description was changed
avatar wilsonge wilsonge - edited - 23 Aug 2017
avatar wilsonge wilsonge - change - 23 Aug 2017
The description was changed
avatar wilsonge wilsonge - edited - 23 Aug 2017
avatar eXsiLe95 eXsiLe95 - test_item - 24 Aug 2017 - Tested successfully
avatar eXsiLe95
eXsiLe95 - comment - 24 Aug 2017

I have tested this item successfully on cf63da3

Testing

System Information

  • Running on xampp v3.2.2
  • Windows 10 (1703: 15063:540)
  • Chrome 60.0.3112.101 (64bit)
  • PHP 7.1.7
  • Joomla! 4.0-dev (joomla@4.0.0)
  • Patch Tester 3.0.0 Beta 3

Steps

  1. Fresh installation of Joomla! 4.0-dev
  2. Enable TFA in administrator
    1. Go to Extensions > Plugins
      1. Enable Two Factor Authentication - Google Authenticator
      2. Enable Two Factor Authentication - YubiKey
  3. Create users
    1. Go to Users > Manage
    2. Create a new user
    3. Edit the new user and enable Two Factor Authentication
      1. Go to Two Factor Authentication Tab
      2. Select Google Authenticator as Authentication Method
      3. Follow the on screen instructions to set up Google Authenticator
    4. Create a new user
    5. Edit the new user and enable Two Factor Authentication
      1. Got to Two Factor Authentication Tab
      2. Select YubiKey as Authentication Method
      3. Follow the on screen instructions to set up YubiKey Authenticator
  4. Go to frontend/site <yourinstallpath>/index.php
    1. Test without TFA
      1. Try to log in with superuser with wrong password
      2. Try to log in with superuser with additional secret key (is always wrong)
      3. Login with superuser without TFA
      4. Log out
      5. Go to <youtinstallpath>/index.php/login
      6. Try to log in with superuser with wrong password
      7. Try to log in with superuser with additional secret key (is always wrong)
      8. Login with superuser without TFA
      9. Log out
    2. Test with Google TFA
      1. Try to log in with Google TFA user with wrong password but no secret key
      2. Try to log in with Google TFA user with wrong password and wrong secret key
      3. Try to log in with Google TFA user with wrong password but correct secret key
      4. Try to log in with Google TFA user with correct password but no secret key
      5. Try to log in with Google TFA user with correct password but incorrect secret key
      6. Login with the user with Google TFA with the login box
      7. Log out
      8. Go to <youtinstallpath>/index.php/login
      9. Try to log in with Google TFA user with wrong password but no secret key
      10. Try to log in with Google TFA user with wrong password and wrong secret key
      11. Try to log in with Google TFA user with wrong password but correct secret key
      12. Try to log in with Google TFA user with correct password but no secret key
      13. Try to log in with Google TFA user with correct password but incorrect secret key
      14. Login with the user with Google TFA with the login box
      15. Log out
    3. Test with YubiKey
      1. Try to log in with YubiKey TFA user with wrong password but no secret key
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key
      4. Try to log in with YubiKey TFA user with correct password but no secret key
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret key
      6. Login with the user with YubiKey TFA with the login box
      7. Log out
      8. Go to <youtinstallpath>/index.php/login
      9. Try to log in with YubiKey TFA user with wrong password but no secret key
      10. Try to log in with YubiKey TFA user with wrong password and wrong secret key
      11. Try to log in with YubiKey TFA user with wrong password but correct secret key
      12. Try to log in with YubiKey TFA user with correct password but no secret key
      13. Try to log in with YubiKey TFA user with correct password but incorrect secret key
      14. Login with the user with YubiKey TFA with the login box
      15. Log out
  5. Go to backend/administrator <yourinstallpath/administrator
    1. Test without TFA
      1. Try to log in with superuser with wrong password
      2. Try to log in with superuser with wrong password and additional secret key (is always wrong)
      3. Try to log in with superuser with correct password and additional secret key (is always wrong)
      4. Login with superuser without TFA
      5. Log out
    2. Test with Google TFA
      1. Try to log in with Google TFA user with wrong password but no secret key
      2. Try to log in with Google TFA user with wrong password and wrong secret key
      3. Try to log in with Google TFA user with wrong password but correct secret key
      4. Try to log in with Google TFA user with correct password but no secret key
      5. Try to log in with Google TFA user with correct password but incorrect secret key
      6. Login with the user with Google TFA with the login box
      7. Log out
    3. Test with YubiKey TFA
      1. Try to log in with YubiKey TFA user with wrong password but no secret key
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key
      4. Try to log in with YubiKey TFA user with correct password but no secret key
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret key
      6. Login with the user with YubiKey TFA with the login box
      7. Log out

Expected result

Login attempts with wrong information will fail and throw an error accordingly. Login attempts with correct login data will be successfull. Installation of R/C should not affect this behavior.

Result before PR

  1. Frontend test (according to step 4)
    1. Without TFA
      1. Test: Works as expected.
      2. Test: Works as expected. (Secret Key field is ignored)
      3. Test: Works as expected.
      4. Test: Works as expected.
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected. (Secret Key field is ignored)
      8. Test: Works as expected.
      9. Test: Works as expected.
    2. With Google TFA
      1. Test: Works as expected.
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected.
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected.
      8. Test: Works as expected.
      9. Test: Works as expected.
      10. Test: Works as expected.
      11. Test: Works as expected.
      12. Test: Works as expected.
      13. Test: Works as expected.
      14. Test: Works as expected.
      15. Test: Works as expected.
    3. With YubiKey TFA
      1. Test: Works as expected.
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected.
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected.
      8. Test: Works as expected.
      9. Test: Works as expected.
      10. Test: Works as expected.
      11. Test: Works as expected.
      12. Test: Works as expected.
      13. Test: Works as expected.
      14. Test: Works as expected.
      15. Test: Works as expected.
  2. Backend test (according to step 5)
    1. Without TFA
      1. Test: Bug! Secret Key field is required, even though it's not needed (removing required aria-required="true" fixed the issue)
      2. Test: Works as expected.
      3. Test: Works as expected. Secret Key field is ignored, login successfull. A warning was displayed.
      4. Test: Bug! Secret Key field is required, even though it's not needed (removing required aria-required="true" fixed the issue)
      5. Test: Works as expected.
    2. With Google TFA
      1. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected.
    3. With YubiKey TFA
      1. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected.

Result with PR

  1. Frontend test (according to step 4)
    1. Without TFA
      1. Test: Works as expected.
      2. Test: Works as expected. (Secret Key field is ignored)
      3. Test: Works as expected.
      4. Test: Works as expected.
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected. (Secret Key field is ignored)
      8. Test: Works as expected.
      9. Test: Works as expected.
    2. With Google TFA
      1. Test: Works as expected.
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      5. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      6. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      7. Test: Works as expected.
      8. Test: Works as expected.
      9. Test: Works as expected.
      10. Test: Works as expected.
      11. Test: Works as expected.
      12. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      13. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      14. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      15. Test: Works as expected.
    3. With YubiKey TFA
      1. Test: Works as expected.
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      5. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      6. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      7. Test: Works as expected.
      8. Test: Works as expected.
      9. Test: Works as expected.
      10. Test: Works as expected.
      11. Test: Works as expected.
      12. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      13. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      14. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      15. Test: Works as expected.
  2. Backend test (according to step 5)
    1. Without TFA
      1. Test: Bug! Secret Key field is required, even though it's not needed (removing required aria-required="true" fixed the issue)
      2. Test: Works as expected.
      3. Test: Works as expected. Secret Key field is ignored, login successfull. A warning was displayed.
      4. Test: Bug! Secret Key field is required, even though it's not needed (removing required aria-required="true" fixed the issue)
      5. Test: Works as expected.
    2. With Google TFA
      1. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      5. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      6. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      7. Test: Works as expected.
    3. With YubiKey TFA
      1. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      5. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      6. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      7. Test: Works as expected.

Testing results (in a nutshell)

  • The directory Joomla\CMS\Encrypt\Aes, located in <yourinstallpath>\libraries\src\ does not exist. It is only available in the old folder of FOF.
    Using the PatchInstaller 3.0.0, the files were not changed correctly. I now used an installation in which the PR was applied using the DIFF-URL and git apply
  • There is a bug (pre and post PR) where the Secret Key field is always required, even though the user does not have TFA enabled. There needs to be a checke whether or not TFA is activated (according to username)

Tested @icampus


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17687.

avatar brianteeman
brianteeman - comment - 24 Aug 2017

how can that be marked a successful test when it identifies numerous bugs?

avatar eXsiLe95
eXsiLe95 - comment - 24 Aug 2017

@brianteeman The exclution of FOF works perfectly fine - it's another bug that encountered before. This should be another issue, I guess, since it has nothing to do with the topic or goal of this issue directly. Also, the testing procedure of this issue (exclution of FOF) is very huge, testing for this little bug is much easier in another issue with fewer steps.

@wilsonge It could also be fixed here! But then I have to check the whole procedure again in the name of issue tracking ;)


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17687.

avatar wilsonge
wilsonge - comment - 24 Aug 2017

I see you've updated your references. Does this mean it is or isn't working in entirety now?

avatar roland-d
roland-d - comment - 24 Aug 2017

@wilsonge We just tested this on a clean 4.0-dev checkout. If you have 2FA enabled and want to login with a user that does not have 2FA enabled you cannot login on backend. You get this:

image

So this is an issue not related to your PR but a pre-existing issue.

Your PR works as expected.

avatar brianteeman
brianteeman - comment - 24 Aug 2017

ah i see what yu mean abut the aria-required

avatar wilsonge
wilsonge - comment - 24 Aug 2017

OK In that case I'm happy :) @roland-d do you want to get the students to open a separate issue for that (also is that an issue in 3.x or 4 only?)

avatar roland-d
roland-d - comment - 24 Aug 2017

@wilsonge It is only an issue in 4.x. I will let @eXsiLe95 create a new PR with a fix for this issue as he found it.

avatar wilsonge
wilsonge - comment - 24 Aug 2017

?

avatar wilsonge wilsonge - change - 24 Aug 2017
Status Pending Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2017-08-24 13:19:22
Closed_By wilsonge
Labels Added: ?
avatar wilsonge wilsonge - close - 24 Aug 2017
avatar wilsonge wilsonge - merge - 24 Aug 2017
avatar Murat75 Murat75 - test_item - 28 Aug 2017 - Tested successfully
avatar Murat75
Murat75 - comment - 28 Aug 2017

I have tested this item successfully on cf63da3

I have tested this item successfully on cf63da3

System Information
Running on XAMPP 7.1.4-0
macOS Sierra Version 10.12.6
Safari Version 10.1.2
PHP 7
Joomla! 4.0-dev (joomla@4.0.0)

Steps

  1. Install XAMP 7.1.4-0 on macOS

  2. Install joomla from github with the branch 4.0-dev

  3. Clone this on your Mac with your Download an ZIP-File and put it on the htdocs

  4. XAMPP on mac is difficult with the user rights, you must be give on terminal the folder admin rights with "chmod 777" to continue install joomla-4

  5. Install Joomla4

  6. You must activate the Two Factor Authentication

    1. Backend -> Control Panel -> Extension -> Manage -> Manage and activate Google Authenticator and YubiKey
  7. create user

    1. Backend -> User -> Manage -> create 2 users (1. google, 2. yubi)
    2. give user "google" the Google Authentication Method
    3. give user "yubi" the Yubikey Authentication Method
  8. Go to frontend/site /index.php

    1. Test without TFA

      1. Try to log in with superuser with wrong password -> it works
      2. Try to log in with superuser with additional secret key -> it doestn work because the secret key must be enabled
      3. Login with superuser without TFA -> it works
      4. Log out
      5. Go to /index.php/login
      6. Try to log in with superuser with wrong password -> doesnt work, because wrong password
      7. Try to log in with superuser with additional secret key -> it doestn work because the secret key must be enabled
      8. Login with superuser without TFA -> it works
      9. Log out
    2. Test with Google TFA

      1. Try to log in with Google TFA user with wrong password but no secret key -> it doesnt work, Username and password do not match or you do not have an account yet.
      2. Try to log in with Google TFA user with wrong password and wrong secret key -> doenst work, Username and password do not match or you do not have an account yet.
      3. Try to log in with Google TFA user with wrong password but correct secret key -> doesnt work, Username and password do not match or you do not have an account yet.
      4. Try to log in with Google TFA user with correct password but no secret key -> doesnt work, The two factor authentication Secret Key is invalid.
      5. Try to log in with Google TFA user with correct password but incorrect secret key -> doesnt work, The two factor authentication Secret Key is invalid.
      6. Login with the user with Google TFA with the login box -> it works
      7. Log out
      8. Go to /index.php/login
      9. Try to log in with Google TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      10. Try to log in with Google TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      11. Try to log in with Google TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      12. Try to log in with Google TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      13. Try to log in with Google TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      14. Login with the user with Google TFA with the login box -> it works
      15. Log out
    3. Test with YubiKey

      1. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      4. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      6. Login with the user with YubiKey TFA with the login box -> it works
      7. Log out
      8. Go to /index.php/login
      9. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      10. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      11. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      12. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      13. Try to log in with YubiKey TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      14. Login with the user with YubiKey TFA with the login box -> it works
      15. Log out
  9. Go to backend/administrator <yourinstallpath/administrator

    1. Test without TFA

      1. Try to log in with superuser with wrong password -> Username and password do not match or you do not have an account yet.
      2. Try to log in with superuser with wrong password and additional secret key -> Username and password do not match or you do not have an account yet.
      3. Try to log in with superuser with correct password and additional secret key -> it works
      4. Login with superuser without TFA -> works
      5. Try to log in with superuser with correct password and incorrect secret key -> it works, but there are a Warning with this line: You need to enable two factor authentication in your user profile to use the secret code field.
      6. Log out
    2. Test with Google TFA

      1. Try to log in with Google TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      2. Try to log in with Google TFA user with wrong password and wrong secret key ->Username and password do not match or you do not have an account yet.
      3. Try to log in with Google TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      4. Try to log in with Google TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      5. Try to log in with Google TFA user with correct password but incorrect secret key ->The two factor authentication Secret Key is invalid.
      6. Login with the user with Google TFA with the login box -> it works
      7. Log out
    3. Test with YubiKey TFA

      1. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      4. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret YubiKey -> The two factor authentication Secret Key is invalid.
      6. Login with the user with YubiKey TFA with the login box -> it works
      7. Log out

Now I install the joomla from Wilson with is fixedwrong PR and started the test again.

  1. Go to frontend/site /index.php
    1. Test without TFA

      1. Try to log in with superuser with password -> it works
      2. Try to log in with superuser with additional secret key -> it works, but give an Warning: You need to enable two factor authentication in your user profile to use the secret code field.
      3. Login with superuser without TFA -> it works
      4. Log out
      5. Go to /index.php/login
      6. Try to log in with superuser with wrong password -> doesnt work, Username and password do not match or you do not have an account yet.
      7. Try to log in with superuser with additional secret key -> it works, You need to enable two factor authentication in your user profile to use the secret code field.
      8. Login with superuser without TFA -> it works
      9. Log out
    2. Test with Google TFA

      1. Try to log in with Google TFA user with wrong password but no secret key -> it doesnt work, Username and password do not match or you do not have an account yet.
      2. Try to log in with Google TFA user with wrong password and wrong secret key -> doenst work, Username and password do not match or you do not have an account yet.
      3. Try to log in with Google TFA user with wrong password but correct secret key -> doesnt work, Username and password do not match or you do not have an account yet.
      4. Try to log in with Google TFA user with correct password but no secret key -> doesnt work, The two factor authentication Secret Key is invalid.
      5. Try to log in with Google TFA user with correct password but incorrect secret key -> doesnt work, The two factor authentication Secret Key is invalid.
      6. Login with the user with Google TFA with the login box -> it works
      7. Log out
      8. Go to /index.php/login
      9. Try to log in with Google TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      10. Try to log in with Google TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      11. Try to log in with Google TFA user with wrong password but correct secret key - > Username and password do not match or you do not have an account yet.
      12. Try to log in with Google TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      13. Try to log in with Google TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      14. Login with the user with Google TFA with the login box -> it works
      15. Log out
    3. Test with YubiKey

      1. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      4. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      6. Login with the user with YubiKey TFA with the login box -> it works
      7. Log out
      8. Go to /index.php/login
      9. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      10. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      11. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      12. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      13. Try to log in with YubiKey TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      14. Login with the user with YubiKey TFA with the login box -> it works
      15. Log out
        This comment was created with the <a

Tested @icampus


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17687.

Add a Comment

Login with GitHub to post a comment