Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADMIn 2FA saving a user with 2fa enabled regenerates the 2fa code and locks out the user #268

Closed
Andy-Flack opened this issue Dec 5, 2020 · 1 comment
Closed

ADMIn 2FA saving a user with 2fa enabled regenerates the 2fa code and locks out the user #268

Andy-Flack opened this issue Dec 5, 2020 · 1 comment
Labels
bug fixed

Comments

@Andy-Flack
Copy link

BEWARE
hitting save after looking at a user profile with 2fa enabled regenerates the 2fa code and locks out the user.
I thought it was clock slippage until I realised that one user was OK and another one not.
Just saving the user you can see that the alpha code is changed each time.

I only realised as I was trying to work out how to enable a (non admin) user to turn on 2fa for themselves.
@Andy-Flack
Copy link
Author

problem is with line 6 of /grav/user/plugins/login/templates/forms/fields/2fa_secret/2fa_secret.html.twig
set user = grav.user
commenting / removing this line allows the load of the page to FIND the existing 2FA value, as the regen is a product of not finding it.

@mahagr mahagr transferred this issue from getgrav/grav-plugin-admin Dec 9, 2020
mahagr added a commit that referenced this issue Dec 9, 2020
@mahagr
Fixed saving another user in Admin with 2FA enabled regenerating 2FA …
e792753 
…secret [#268]
@mahagr mahagr mentioned this issue Dec 11, 2020
Closed
@mahagr mahagr closed this as completed Dec 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mahagr @Andy-Flack