Language Change ? Pending

User tests: Successful: Unsuccessful:

avatar SniperSister
SniperSister
29 Mar 2022

Pull Request for Issue #37413.

Summary of Changes

Remove the auth binding field and checking code to disable the feature until a proper solution has been implemented see #37405.

Testing Instructions

See #37413

Actual result BEFORE applying this Pull Request

You are NOT logged into the site

Expected result AFTER applying this Pull Request

You are logged into the site

avatar SniperSister SniperSister - open - 29 Mar 2022
avatar SniperSister SniperSister - change - 29 Mar 2022
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 29 Mar 2022
Category Administration com_admin Front End Plugins
avatar SniperSister SniperSister - change - 29 Mar 2022
Labels Added: ?
avatar nikosdion
nikosdion - comment - 29 Mar 2022

While this fixes the lockout it does not address the other issues with this feature.

To begin with, this feature is so broken that it OVERRIDES ITSELF. Selecting None has no effect. I cannot tell Joomla to NOT care about which authentication method I am going to use. Upon next login it will OVERRIDE my preference!!!

If I log in with any authentication method that is, indeed, an authenticator plugin I can no longer log in with any other method. This is not how Joomla is used in the real world! There are legitimate use cases where multiple authentication methods are needed e.g. when using a forum bridge I expect to be able to log into the site with either my Joomla or my forum credentials to name just the most glaringly obvious use case.

If I am using a username and password login method other than Joomla the Two Factor Authentication no longer applies, reverting 10 years of me attempting to bring login security to Joomla. Are you sure you understand the subject matter? All the evidence points to the contrary! How can you conceivably put a “security” feature in Joomla which undoes ACTUAL security features we put in place ten years ago?!

It does not address the fact that WebAuthn and other non-password authentication methods are not listed, misleading and confusing users.

It does not address that the labels and options are confusing and nonsensical.

IMHO it would have been better if this feature was reverted, rethought, reimplemented and only merged in 4.2 if not 5.0 (since it's a major b/c break).

As a result I am not providing a successful test. Replacing something totally borked with something glaringly broken is not a solution. It's perpetuation of the problem you introduced.

avatar bayareajenn
bayareajenn - comment - 29 Mar 2022

I have tested this item successfully on 036665e

It took a hell of a lot of effort and help from the CMS Release Team but I managed to test this successfully. I did have to login to the frontend twice after applying the fix/PR. First time it said my session was pooched or something like that. Second time it worked.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37416.

avatar bayareajenn bayareajenn - test_item - 29 Mar 2022 - Tested successfully
avatar joomla-cms-bot joomla-cms-bot - change - 30 Mar 2022
Category Administration com_admin Front End Plugins Administration com_users Front End Libraries Plugins
avatar SniperSister SniperSister - change - 30 Mar 2022
The description was changed
avatar SniperSister SniperSister - edited - 30 Mar 2022
avatar SniperSister SniperSister - change - 30 Mar 2022
Title
[3.10] Only bind users to primary auth providers
[3.10] Disable auth binding code introduced with 3.10.7
avatar SniperSister SniperSister - edited - 30 Mar 2022
avatar joomla-cms-bot joomla-cms-bot - change - 30 Mar 2022
Category Administration Front End Plugins com_users Libraries Administration com_users Language & Strings Front End Libraries Plugins
avatar ssnobben
ssnobben - comment - 30 Mar 2022

Pls do a special update for Joomla 3.10.8 and 4.1.2 release asap for public after this important fix.

avatar SniperSister SniperSister - change - 30 Mar 2022
Labels Added: Language Change
avatar nikosdion
nikosdion - comment - 30 Mar 2022

I have tested this item successfully on 735e597

I approve of this version of the PR. Please consider this as a successful test for the Joomla 4 PR as well.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37416.

avatar nikosdion
nikosdion - comment - 30 Mar 2022

I have tested this item successfully on 735e597

I approve of this version of the PR. Please consider this as a successful test for the Joomla 4 PR as well.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37416.

avatar nikosdion nikosdion - test_item - 30 Mar 2022 - Tested successfully
avatar joomla-cms-bot joomla-cms-bot - change - 30 Mar 2022
Category Administration Front End Plugins com_users Libraries Language & Strings Administration com_admin com_users Language & Strings Front End Libraries Plugins
avatar richard67
richard67 - comment - 30 Mar 2022

@nikosdion Could you test (or review) again after the latest changes? Thanks in advance.

avatar zero-24 zero-24 - change - 30 Mar 2022
Status Pending Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2022-03-30 12:00:44
Closed_By zero-24
avatar zero-24 zero-24 - close - 30 Mar 2022
avatar zero-24 zero-24 - merge - 30 Mar 2022
avatar zero-24
zero-24 - comment - 30 Mar 2022

Merging here for now thanks for your work here,

Add a Comment

Login with GitHub to post a comment