Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#44591] - [5.2] Cannot use passkey when user activation is set.

No Code Attached Yet
avatar peter1szalatnay
peter1szalatnay
8 Dec 2024

Steps to reproduce the issue

  1. Login and create a passkey.
  2. Logout and request 'forget your password'.
  3. User now remembers their password and logins in to the site.
  4. Logout again.
  5. Try to use passkey.

Expected result

User should be able to login with passkey.

Actual result

User get an error access denied.

System information (as much as possible)

Joomla! Version | Joomla! 5.2.2 Stable [ Uthabiti ] 26-November-2024 16:00 GMT

Additional comments

Maybe we should clear the activation flag in the user table if the user successfully logins,

avatar peter1szalatnay peter1szalatnay - open - 8 Dec 2024
avatar joomla-cms-bot joomla-cms-bot - change - 8 Dec 2024
Labels Added: No Code Attached Yet
avatar joomla-cms-bot joomla-cms-bot - labeled - 8 Dec 2024
avatar richard67
richard67 - comment - 8 Dec 2024

Could you check if this is fixed by #44519 ?

avatar peter1szalatnay
peter1szalatnay - comment - 8 Dec 2024

Could you check if this is fixed by #44519 ?

It didn't as that requires the user to be saved, and the user will not know why the login is failing.

We have two flags in the users db, activation and requireReset, If the user is clicking forgot password the activation flag is set. So there should be a check on the login. If successful and activation exists but not requireReset, remove the activation flag as the self reset is not required anymore.

joomla-cms/plugins/system/webauthn/src/PluginTraits/AjaxHandlerLogin.php

Line 155 in 33c9c7c

throw new \RuntimeException(Text::_('JGLOBAL_AUTH_ACCESS_DENIED'));

Even the error message could be changed to password reset in progress access is denied.

Add a Comment

Login with GitHub to post a comment