[#39472] - MFA options shown even when MFA is disabled
- New
- Medium
- Build: 4.2-dev
- # 39472
Steps to reproduce the issue
In the Backend go to Users - Options and disable MFA for a certain User Group
In the frontend go to or create an Edit Profile menu item
Expected result
The MFA options to not be shown in the edit profile screen as it is disabled
Actual result
The MFA options are visible in the Edit Profile page, although it can not be enabled it takes op a lot of screen real estate
System information (as much as possible)
Additional comments
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
We may have a case where MFA was enabled for the Manager group (for example), then the admin decided to disable MFA for that group. But we probably need to let the managers know somehow before they wonder where their MFA has gone. Perhaps instead of displaying the options as in the use case (when we can't enable options), we should display some message that the MFA options for the group are disabled or something like that.
These are thoughts at first glance.
UPD
Currently, if an admin disables MFA for a group in which a user used MFA, he simply logs into the profile after authorization, but the MFA parameters are still available except for the ability to edit them (you can only disable MFA or delete a method).
Really - sit and guess why you logged in yesterday with the MFA, and today without it and you still can’t edit it )).
Even just for Registered, if the Super User decides (for whatever reason) to disable MFA for that group, no reference to MFA whatsoever should be shown in the edit profile as the 'registered' user cannot change or influence the MFA settings.
Hackwar
- | Labels |
Added:
bug
|
||
Confirmed