?
avatar Klipper
Klipper
22 Nov 2014

The extra tab for Two Factor Authentication(TFA) is missing when trying to edit the user-account in administrator.

How to reproduce:

  • The tab is only missing when you choose 'Edit Account' menu-item from the User dropdown-menu at the upper right corner of the administrator.( Above the Joomla! logo + name).

  • Both Two Factor Authentications plugins are enabled. (Doesn't matter if the plugins are enabled for front-end, back-end or both)

  • When accessing user-accounts using the user manager, or clicking a link in the 'logged-in users module' on the administrator control-panel, the TFA-tab is present.

  • The missing TFA-tab is a problem for back-end users, like authors, who have no access to the user manager or logged-in users module. The only possibility to access/edit their profile is using the dropdown menu at the upper right corner.
    In current situation they cannot edit their profile for securing their account with TFA, because of missing TFA-tab.

Votes

# of Users Experiencing Issue
1/1
Average Importance Score
3.00

avatar Klipper Klipper - open - 22 Nov 2014
avatar Klipper Klipper - change - 22 Nov 2014
The description was changed
avatar brianteeman brianteeman - change - 22 Nov 2014
Status New Confirmed
avatar brianteeman
brianteeman - comment - 22 Nov 2014

I can confirm this

@nikosdion any ideas?

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/5162.

avatar nikosdion
nikosdion - comment - 22 Nov 2014

As I had said when we introduced the TFA feature in Joomla! 3.2, this cannot be fixed. When you use those links Joomla! opens a "quick edit" view which does not load plugins. In fact, you will see that several other features are missing from this page, for example:

  • Receive system messages
  • Block this user
  • Require password change
  • All information regarding last login, last password change, number of password resets
  • Linked user groups

The thing is that for some reason I am not aware of it was decided early in the Joomla! 3 development to have two different user editor views, one complete (view=user) and one partial (view=profile). The only way to display the complete user editor (view=user) is through the User Manager. All other links open the profile view which is a partial editor missing all of the aforementioned options AND the TFA configuration.

In other words, it's not a bug, it's a very confusing feature...

avatar brianteeman
brianteeman - comment - 22 Nov 2014

Can anyone think of a good reason to maintain these two different views and
the related issues it causes?
On 22 Nov 2014 11:28, "Nicholas K. Dionysopoulos" notifications@github.com
wrote:

As I had said when we introduced the TFA feature in Joomla! 3.2, this
cannot be fixed. When you use those links Joomla! opens a "quick edit" view
which does not load plugins. In fact, you will see that several other
features are missing from this page, for example:

  • Receive system messages
  • Block this user
  • Require password change
  • All information regarding last login, last password change, number of password resets
  • Linked user groups

The thing is that for some reason I am not aware of it was decided early
in the Joomla! 3 development to have two different user editor views,
one complete (view=user) and one partial (view=profile). The only way to
display the complete user editor (view=user) is through the User Manager.
All other links open the profile view which is a partial editor missing all
of the aforementioned options AND the TFA configuration.

In other words, it's not a bug, it's a very confusing feature...


Reply to this email directly or view it on GitHub
#5162 (comment).

avatar Klipper
Klipper - comment - 23 Nov 2014

When I enable TFA for front-end, after login at frontend, I can when available call, using link: index.php?option=com_users&view=profile (my user-profile).
On that user-profile page there is a button to edit my user-profile: ?task=profile.edit&user_id=**
When TFA enabled for frontend I can secure here my account with TFA.

But:

Say we have a common website were front-end login is disabled, and so front-end TFA is disabled too (so no edit possibility of user-profile including TFA in front-end in this case). All website content editing will happen now in administrator.

Here we get the problem that i.e. an author or editor can only edit his own user-profile using the upper-right dropdown-menu, because he/she will not have access to the usermanager. So now he/she cannot use TFA.

I think the back-end user-profile-edit-form should be the same as the front-end-profile-edit-form containing the TFA features..

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/5162.

avatar nikosdion
nikosdion - comment - 24 Nov 2014

I agree with you, @Klipper There should be just one editor page. We should be simply hiding the privileged parameters from the non-privileged users. However, I do understand why we have two separate pages. The com_users component is using JForm. Apparently you can't remove entire JForm sections so you need two separate views. Unfortunately, the way the profile view is written it doesn't allow loading the plugins because plugins could introduce privileged parameters. I don't think there's an easy solution without deep refactoring of the component and probably stopping to use JForm. I'd be surprised if this can be fixed before Joomla! 4.

avatar brianteeman brianteeman - change - 3 Jan 2015
Labels Added: ?
avatar brianteeman brianteeman - change - 30 Apr 2015
Status Confirmed Known Issue
Closed_Date 0000-00-00 00:00:00 2015-04-30 12:16:39
Closed_By brianteeman
avatar brianteeman
brianteeman - comment - 30 Apr 2015

Based on the comments above I am closing this


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/5162.

avatar brianteeman brianteeman - close - 30 Apr 2015

Add a Comment

Login with GitHub to post a comment