Summary of Changes

Always allow the captive page and captive.validate task even with PW reset requested. I'm not 100% sure whether its a good way to put the code here but on the first look it looks ok and fixes the issue.

Testing Instructions

• Install 5.4.0rc2
• create secondary user within the "administrator" group
• force the user to reset his PW and set an inital PW
• force the administrator group to setup mfa (Users -> Manage -> Options -> Multi-factor Authentication)
• login with that secondary user
• setup mfa
• try to do the next step

Actual result BEFORE applying this Pull Request

endless loop as joomla wants you to fill the captive page and reset your PW at the same time

Expected result AFTER applying this Pull Request

first joomla will allow you to fill the mfa captcha after that it will force you to reset your PW.

Link to documentations

Please select:

• Documentation link for docs.joomla.org:

• No documentation changes for docs.joomla.org needed

• Pull Request link for manual.joomla.org:

• No documentation changes for manual.joomla.org needed