[#38436] - Allow the statistics plugin to run on the captive page
- Fixed in Code Base
- 13 Aug 2022
- Medium
- Build: 4.2-dev
- # 38436
- Diff
- roland-d:feature/allow-statistics-plugin-to-run-on-mfa
User tests: Successful: Unsuccessful:
Summary of Changes
When a user is using multi-factor authentication to login it may show some HTML in the message box. This is the result of a failed check on the multi-factor authentication because the Statistics plugin is trying to send data to the Joomla server On the captive page a user is already logged-in but it has not yet completed the multi-factor authentication. Duh, we are trying to complete that page when the "message" shows up. This is part of what a user will see:
The page can still be used but it does not look pretty.
Testing Instructions
This assumes you have setup one or more multi-factor authtentications
- Enable the Statistics plugin
- Open the file
plugins/system/stats/stats.php - Uncomment line 24 so it says
define('PLG_SYSTEM_STATS_DEBUG', 1); - Log out of the website
- Login by entering a username and password
- You now get to the captive page and soon after the image shown in the summary will popup
- You can click on
Select a different methodin the toolbar and you go to the page to select which multi-factor authentication you want to use but again the message popup will show - Apply the patch
- Refresh or repeat steps 5 - 7. You should no longer see the popups
Actual result BEFORE applying this Pull Request
You get some HTML output in the message box
Expected result AFTER applying this Pull Request
No message box is shown
Documentation Changes Required
None
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
I'm on vacation until the 22nd BUT I can tell you that how @roland-d did it is exactly what I'd do. So it's okay as far as I am concerned.
Another way to do it — best practice for 3PDs actually — is for the plugin to check if we're in a captive page and not execute. I am leaving this note not as something applicable to this PR but as something that a 3PD might stumble on. The rabbit hole will lead them to this comment here and they will figure out what to do next ;)
I'm on vacation until the 22nd BUT I can tell you that how @roland-d did it is exactly what I'd do. So it's okay as far as I am concerned.
Another way to do it — best practice for 3PDs actually — is for the plugin to check if we're in a captive page and not execute. I am leaving this note not as something applicable to this PR but as something that a 3PD might stumble on. The rabbit hole will lead them to this comment here and they will figure out what to do next ;)
thx
I'm unable to test this as the mult-factor authentication setup is failing. I tried turning off EVERY plugin except "fixed" but that still didn't change anything
@N6REJ It looks like your site's database schema is out of date or otherwise borked. Try installing a fresh copy of Joomla 4.2 from the nightlies and apply this patch.
I get the same error in a fresh 4.2.0 build, no extensions installed, patch installed. It appears to work until I go back into to user profile and Save or Save & Close. Then I get the same error shown in @N6REJ 's post.
its the user actions log setting and nothing to do with the authentication plugins.
its the user actions log setting and nothing to do with the authentication plugins.
But I didn't change any settings. The default settings on a fresh build make this error happen. Regardless, it seems like we need to tell people this will happen and what to do about it. I'll take it up with the release team.
So I had a look at this finding and it is nothing related with this PR, so we should move it to it's own. It is indeed because of the actionlogs plugin which acts on the trigger onUserAfterSave and expects the $user array that is supplied to contain $user['actionlogs']['actionlogsExtensions'], to set that as extension, which it doesn't. So extension remains empty and this throws the error we see here. Going to see what I can do as a PR.
Regardless, it seems like we need to tell people this will happen and what to do about it.
No. its a bug that needs fixing
Regardless, it seems like we need to tell people this will happen and what to do about it.
No. its a bug that needs fixing
Yup. Roland found it (as seen in a comment). Thanks.
I have tested this item
Tests great. Thanks, Roland.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/38436.
I have tested this item
Tested successfully on localhost/php 8.1
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/38436.
| Labels |
Added:
?
|
||
| Status | Pending | ⇒ | Ready to Commit |
RTC as it has 2 successful human tests which were invalidated by a clean branch update only.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/38436.
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-08-13 13:53:21 |
| Closed_By | ⇒ | fancyFranci | |
| Labels |
Added:
?
|
||
Merged, thank you!
@nikosdion can you have a look please