Feeling Lucky
bug
?
PR-4.4-dev
[#38793] - Handle silent response types correctly when empty
- Closed
- 13 Apr 2023
- Medium
- Build: 4.2-dev
- # 38793
- Diff
- Digital-Peak:mfa/silent
User tests: Successful: Unsuccessful:
Pull Request for Issue #38790.
Summary of Changes
When silent responses types is not set in the user configuration, eg. after an upgrade. Then the MFA captive screen is always shown as soon as the session expires.
The problem is that explode(,', ''); returns an array with an empty element in it but the check is only done if the array of silent response types is empty.
Ping @nikosdion for review
Testing Instructions
- Enable MFA method like google authenticator on your account
- Make sure the com_users record in the extension table has params like
{} - Log in on the front end
- Delete the session cookie of your joomla site in the dev tools of the browser, but not the one where the name starts with "joomla_remember_me_"
Actual result BEFORE applying this Pull Request
The screen is shown which requires to enter the Verification code. Page can't be browsed.
Expected result AFTER applying this Pull Request
Page loads normal and you are logged in.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Front End Plugins |
| Labels |
Added:
?
|
||
laoneo
- comment
- 21 Sep 2022
Can you have another look?
laoneo
- comment
- 21 Sep 2022
Now it should also work when you put in something like " , " in the user options.
| Labels |
Added:
?
PR-4.4-dev
Removed: ? |
||
| Title |
|
||||||
| Labels |
Added:
bug
|
||
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2023-04-13 05:59:20 |
| Closed_By | ⇒ | laoneo |
I added a comment on an alternative implementation which should work better with the messier users (I'm sure we have several Chaotic Neutral people using Joomla).