Fixes #30147.
Redirect to com_admin instead of com_users when forced TFA is enabled in backend.
Enable some Two Factor Authentication plugins.
Enable "Enforce Two Factor Authentication" for Backend
Create a new user with Access Level "Manager"
Log in to backend with new user, set up two factor authentication
Message: "You don't have permission to access this. Please contact a website administrator if this is incorrect."
Get redirected to user profile page where TFA can be set up properly.
No.
Status | New | ⇒ | Pending |
Category | ⇒ | Libraries |
Category | Libraries | ⇒ | Administration com_admin Libraries |
Manager Level, before Patch, I got:
Notice
You were redirected because you are required to set up Two Factor Authentication to continue.
An error has occurred.
403 You don't have permission to access this. Please contact a website administrator if this is incorrect.
Then I can't close/leave the session. Had to clear Browser Cache to be able to start again with /administrator entry.
@Harmageddon Thanks, test instructions updated.
@le-jou @ChristineWk please test again.
I have tested this item
Works now, but finishes with warning "Warning COM_USERS_USERS_ERROR_CANNOT_EDIT_OWN_GROUP"
That's not intended.
I have tested this item
With Patch (Manager):
Notice
You were redirected because you are required to set up Two Factor Authentication to continue.
FYI: But I couldn't set up TFA (no experience with this)
@Harmageddon Thanks for your assistance to be able to test this PR.
PR updated. Please test again.
I have tested this item
This PR does solve the bug. But I'm not sure whether it is the best solution. Is there any particular reason why the save method of ProfileModel has to be independent of its parent? This implementation leads to much duplicated code and I can see issues similar to this one here arising when someone changes UserModel::save without remembering that the same changes have to be included in ProfileModel.
In my tests, reducing the ProfileModel::save method to the following seemed to work:
public function save($data)
{
    $user = Factory::getUser();
    $pk = $user->id;
    $data['id'] = $pk;
    $data['block'] = $user->block;
    return parent::save($data);
}
Or am I missing something? What do you think about it?
I have tested this item
Tested successfully in Beta3-dev of 25 July.
@Harmageddon I tried not to touch existing logic. With your code I get this when using super user account:
Save failed with the following error: You can't save a user account without selecting at least one user group.
I have tested this item
Status | Pending | ⇒ | Ready to Commit |
RTC
Status | Ready to Commit | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-07-25 22:52:20 |
Closed_By | ⇒ | wilsonge | |
Thanks!
Just a short note for the testing instructions: Might be worth mentioning there that one needs to enable one of the TFA plugins in order to run into this situation. ;-)