-
-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Current Device" for Trusted Devices does not work #1285
Comments
I do have some working code laying around. But exactly with this issue, because you need to write your own |
To keep it simple as it gets I personally vote for option 1. |
Can you point me to the problematic code please? |
Not sure what you mean. https://github.com/contao/contao/blob/master/core-bundle/src/Security/TwoFactor/TrustedDeviceManager.php#L72 stores the current cookie value, but the cookie value can contain multiple trusted device tokens. |
@bytehead has explained the issue to me (thank you again). Now that I understand it, I also vote for option 1, not showing "this device" in the device list. |
Closing this in favor of #1299. |
Description ----------- Here's a proposal how to fix #1285. Commits ------- fd2f57a Removes current device and fixes other issues related to trusted devices e54cb33 Fix test d011973 Fix trans files dcbb9bc Newline? 0ee808e Remove version fea9783 Cleanup 4712935 Simplify a5e2f77 Remove skeleton config
Affected version(s)
4.9
Description
The current implementation to detect the current trusted device will not work reliably. We are storing the trusted device cookie data, but the data will change for ever user that has logged in (all users are stored in the same cookie).
There are only two options:
😞
I'm not sure whats best… option 1 means we can't tell the user the current device – not so nice. Option 2 means we're getting rid of even more of the bundle, and I start wondering if we (should) need it at all. But then we need to re-invent the wheel all over again …
The text was updated successfully, but these errors were encountered: