https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32066 --- Comment #8 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #7)
(In reply to Marcel de Rooy from comment #6)
(In reply to Jonathan Druart from comment #1)
- return ( "setup-additional-auth-needed", $session ) - if $session->param('waiting-for-2FA-setup'); + return ( "setup-additional-auth-needed", $session ) + if $session->param('waiting-for-2FA-setup'); + }
I am still thinking about this second case btw. Not sure yet.
The change actually seems to be unneeded. But it is hard to catch why checkauth allows the login if cookie_auth returned: [2022/11/03 10:20:14] [WARN] L853:setup-additional-auth-needed: at /usr/share/koha/C4/Auth.pm line 853.
Hmm. What happens is that the q_userid and password are checked again with checkpw and are fine. So login is granted. It seems that checkauth might need more attention in responding to the setup-additional-auth-needed response of cookie_auth? -- You are receiving this mail because: You are watching all bug changes.