[Koha-bugs] [Bug 32066] 2FA: User could get stuck temporarily on login screen when disabling pref
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Nov 3 11:52:14 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32066
--- Comment #8 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Marcel de Rooy from comment #7)
> (In reply to Marcel de Rooy from comment #6)
> > (In reply to Jonathan Druart from comment #1)
> > > - return ( "setup-additional-auth-needed", $session )
> > > - if $session->param('waiting-for-2FA-setup');
> > > + return ( "setup-additional-auth-needed", $session )
> > > + if $session->param('waiting-for-2FA-setup');
> > > + }
> >
> > I am still thinking about this second case btw. Not sure yet.
>
> The change actually seems to be unneeded. But it is hard to catch why
> checkauth allows the login if cookie_auth returned:
> [2022/11/03 10:20:14] [WARN] L853:setup-additional-auth-needed: at
> /usr/share/koha/C4/Auth.pm line 853.
Hmm. What happens is that the q_userid and password are checked again with
checkpw and are fine. So login is granted.
It seems that checkauth might need more attention in responding to the
setup-additional-auth-needed response of cookie_auth?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list