This is a known issue which is why the plugins all have warning text about this. If you can come up with a way to programmatically prevent the last authentication plugin from being disabled that would be awesome. Remember that there can be 3pd authentication plugins as well

Especially that an easy check "are you the last publish auth plugin" is not enough, because at the end there could be an auth plugin left which still does not allow to login and the site is "broken".

Just wanted to point out because a user contacted me for support being blocked to login to the backend. He thought that the problem was one extension of mine... but actually it's the Joomla core that allows a similar situation.

I would vote for just changing the warning message to a more helpful "There are no authentication plugins enabled"

It is perfectly reasonable to expect/allow a site to operate with no authentication plugins enabled, should the admin/developer wish. The site might never be logged into and deployed using a deployment scheme from git or ci/cd processes.

The plugin architecture has been abused so much (core/protected plugins that can never be disabled etc) that the original aim (that they could be enabled/disabled) has been lost.

Closing because thie is expected behaviour.

However this is yet another example of error messages showing the PHP class name and method ... these need to be nuked

Sent from my iPhone

On 20 Dec 2020, at 14:09, Robert Deutz notifications@github.com wrote:


Closing because thie is expected behaviour.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.