Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.0] Remove FOF From Joomla Core #17687

Merged
merged 2 commits into from Aug 24, 2017
Merged

[4.0] Remove FOF From Joomla Core #17687

merged 2 commits into from Aug 24, 2017

Conversation

wilsonge
Copy link
Contributor

@wilsonge wilsonge commented Aug 23, 2017
edited

Moves the encryption libraries to the Joomla Namespace and removes FOF. Note as I've changed the functions to use native PHP functions rather than also porting FOFUtilsPhpfunc I've deliberately not classmapped the FOF classnames as there are b/c breaks

Testing

Check 2FA works before and after PR

@wilsonge wilsonge requested a review from mbabker August 23, 2017 14:11
@joomla-cms-bot joomla-cms-bot added Language Change This is for Translators PR-4.0-dev labels Aug 23, 2017
This was referenced Aug 23, 2017
Closed
Merged
@infograf768 infograf768 changed the title Remove FOF From Joomla Core [4.0] Remove FOF From Joomla Core Aug 23, 2017
@eXsiLe95
Copy link
Contributor

eXsiLe95 commented Aug 24, 2017
edited

I have tested this item ✅ successfully on cf63da3

Testing

System Information

  • Running on xampp v3.2.2
  • Windows 10 (1703: 15063:540)
  • Chrome 60.0.3112.101 (64bit)
  • PHP 7.1.7
  • Joomla! 4.0-dev (joomla@4.0.0)
  • Patch Tester 3.0.0 Beta 3

Steps

  1. Fresh installation of Joomla! 4.0-dev
  2. Enable TFA in administrator
    1. Go to Extensions > Plugins
      1. Enable Two Factor Authentication - Google Authenticator
      2. Enable Two Factor Authentication - YubiKey
  3. Create users
    1. Go to Users > Manage
    2. Create a new user
    3. Edit the new user and enable Two Factor Authentication
      1. Go to Two Factor Authentication Tab
      2. Select Google Authenticator as Authentication Method
      3. Follow the on screen instructions to set up Google Authenticator
    4. Create a new user
    5. Edit the new user and enable Two Factor Authentication
      1. Got to Two Factor Authentication Tab
      2. Select YubiKey as Authentication Method
      3. Follow the on screen instructions to set up YubiKey Authenticator
  4. Go to frontend/site <yourinstallpath>/index.php
    1. Test without TFA
      1. Try to log in with superuser with wrong password
      2. Try to log in with superuser with additional secret key (is always wrong)
      3. Login with superuser without TFA
      4. Log out
      5. Go to <youtinstallpath>/index.php/login
      6. Try to log in with superuser with wrong password
      7. Try to log in with superuser with additional secret key (is always wrong)
      8. Login with superuser without TFA
      9. Log out
    2. Test with Google TFA
      1. Try to log in with Google TFA user with wrong password but no secret key
      2. Try to log in with Google TFA user with wrong password and wrong secret key
      3. Try to log in with Google TFA user with wrong password but correct secret key
      4. Try to log in with Google TFA user with correct password but no secret key
      5. Try to log in with Google TFA user with correct password but incorrect secret key
      6. Login with the user with Google TFA with the login box
      7. Log out
      8. Go to <youtinstallpath>/index.php/login
      9. Try to log in with Google TFA user with wrong password but no secret key
      10. Try to log in with Google TFA user with wrong password and wrong secret key
      11. Try to log in with Google TFA user with wrong password but correct secret key
      12. Try to log in with Google TFA user with correct password but no secret key
      13. Try to log in with Google TFA user with correct password but incorrect secret key
      14. Login with the user with Google TFA with the login box
      15. Log out
    3. Test with YubiKey
      1. Try to log in with YubiKey TFA user with wrong password but no secret key
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key
      4. Try to log in with YubiKey TFA user with correct password but no secret key
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret key
      6. Login with the user with YubiKey TFA with the login box
      7. Log out
      8. Go to <youtinstallpath>/index.php/login
      9. Try to log in with YubiKey TFA user with wrong password but no secret key
      10. Try to log in with YubiKey TFA user with wrong password and wrong secret key
      11. Try to log in with YubiKey TFA user with wrong password but correct secret key
      12. Try to log in with YubiKey TFA user with correct password but no secret key
      13. Try to log in with YubiKey TFA user with correct password but incorrect secret key
      14. Login with the user with YubiKey TFA with the login box
      15. Log out
  5. Go to backend/administrator <yourinstallpath/administrator
    1. Test without TFA
      1. Try to log in with superuser with wrong password
      2. Try to log in with superuser with wrong password and additional secret key (is always wrong)
      3. Try to log in with superuser with correct password and additional secret key (is always wrong)
      4. Login with superuser without TFA
      5. Log out
    2. Test with Google TFA
      1. Try to log in with Google TFA user with wrong password but no secret key
      2. Try to log in with Google TFA user with wrong password and wrong secret key
      3. Try to log in with Google TFA user with wrong password but correct secret key
      4. Try to log in with Google TFA user with correct password but no secret key
      5. Try to log in with Google TFA user with correct password but incorrect secret key
      6. Login with the user with Google TFA with the login box
      7. Log out
    3. Test with YubiKey TFA
      1. Try to log in with YubiKey TFA user with wrong password but no secret key
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key
      4. Try to log in with YubiKey TFA user with correct password but no secret key
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret key
      6. Login with the user with YubiKey TFA with the login box
      7. Log out

Expected result

Login attempts with wrong information will fail and throw an error accordingly. Login attempts with correct login data will be successfull. Installation of R/C should not affect this behavior.

Result before PR

  1. Frontend test (according to step 4)
    1. Without TFA
      1. Test: Works as expected.
      2. Test: Works as expected. (Secret Key field is ignored)
      3. Test: Works as expected.
      4. Test: Works as expected.
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected. (Secret Key field is ignored)
      8. Test: Works as expected.
      9. Test: Works as expected.
    2. With Google TFA
      1. Test: Works as expected.
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected.
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected.
      8. Test: Works as expected.
      9. Test: Works as expected.
      10. Test: Works as expected.
      11. Test: Works as expected.
      12. Test: Works as expected.
      13. Test: Works as expected.
      14. Test: Works as expected.
      15. Test: Works as expected.
    3. With YubiKey TFA
      1. Test: Works as expected.
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected.
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected.
      8. Test: Works as expected.
      9. Test: Works as expected.
      10. Test: Works as expected.
      11. Test: Works as expected.
      12. Test: Works as expected.
      13. Test: Works as expected.
      14. Test: Works as expected.
      15. Test: Works as expected.
  2. Backend test (according to step 5)
    1. Without TFA
      1. Test: Bug! Secret Key field is required, even though it's not needed (removing required aria-required="true" fixed the issue)
      2. Test: Works as expected.
      3. Test: Works as expected. Secret Key field is ignored, login successfull. A warning was displayed.
      4. Test: Bug! Secret Key field is required, even though it's not needed (removing required aria-required="true" fixed the issue)
      5. Test: Works as expected.
    2. With Google TFA
      1. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected.
    3. With YubiKey TFA
      1. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected.

Result with PR

  1. Frontend test (according to step 4)
    1. Without TFA
      1. Test: Works as expected.
      2. Test: Works as expected. (Secret Key field is ignored)
      3. Test: Works as expected.
      4. Test: Works as expected.
      5. Test: Works as expected.
      6. Test: Works as expected.
      7. Test: Works as expected. (Secret Key field is ignored)
      8. Test: Works as expected.
      9. Test: Works as expected.
    2. With Google TFA
      1. Test: Works as expected.
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      5. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      6. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      7. Test: Works as expected.
      8. Test: Works as expected.
      9. Test: Works as expected.
      10. Test: Works as expected.
      11. Test: Works as expected.
      12. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      13. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      14. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      15. Test: Works as expected.
    3. With YubiKey TFA
      1. Test: Works as expected.
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      5. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      6. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      7. Test: Works as expected.
      8. Test: Works as expected.
      9. Test: Works as expected.
      10. Test: Works as expected.
      11. Test: Works as expected.
      12. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      13. Test: Bug! The requested page can't be found. but login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      14. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      15. Test: Works as expected.
  2. Backend test (according to step 5)
    1. Without TFA
      1. Test: Bug! Secret Key field is required, even though it's not needed (removing required aria-required="true" fixed the issue)
      2. Test: Works as expected.
      3. Test: Works as expected. Secret Key field is ignored, login successfull. A warning was displayed.
      4. Test: Bug! Secret Key field is required, even though it's not needed (removing required aria-required="true" fixed the issue)
      5. Test: Works as expected.
    2. With Google TFA
      1. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      5. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      6. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      7. Test: Works as expected.
    3. With YubiKey TFA
      1. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      2. Test: Works as expected.
      3. Test: Works as expected.
      4. Test: Works as expected. (Secret Key field is required, but not only for this user!)
      5. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      6. Test: Bug! The requested page can't be found. and login was unsuccessfull. Error: Class 'Joomla\CMS\Encrypt\Aes' not found Works as expected
      7. Test: Works as expected.

Testing results (in a nutshell)

  • The directory Joomla\CMS\Encrypt\Aes, located in <yourinstallpath>\libraries\src\ does not exist. It is only available in the old folder of FOF.
    Using the PatchInstaller 3.0.0, the files were not changed correctly. I now used an installation in which the PR was applied using the DIFF-URL and git apply
  • There is a bug (pre and post PR) where the Secret Key field is always required, even though the user does not have TFA enabled. There needs to be a checke whether or not TFA is activated (according to username)

Tested @icampus

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17687.

@brianteeman
Copy link
Contributor

how can that be marked a successful test when it identifies numerous bugs?

@eXsiLe95
Copy link
Contributor

@brianteeman The exclution of FOF works perfectly fine - it's another bug that encountered before. This should be another issue, I guess, since it has nothing to do with the topic or goal of this issue directly. Also, the testing procedure of this issue (exclution of FOF) is very huge, testing for this little bug is much easier in another issue with fewer steps.

@wilsonge It could also be fixed here! But then I have to check the whole procedure again in the name of issue tracking ;)

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17687.

@wilsonge
Copy link
Contributor Author

I see you've updated your references. Does this mean it is or isn't working in entirety now?

@roland-d
Copy link
Contributor

@wilsonge We just tested this on a clean 4.0-dev checkout. If you have 2FA enabled and want to login with a user that does not have 2FA enabled you cannot login on backend. You get this:

image

So this is an issue not related to your PR but a pre-existing issue.

Your PR works as expected.

@brianteeman
Copy link
Contributor

ah i see what yu mean abut the aria-required

@wilsonge
Copy link
Contributor Author

OK In that case I'm happy :) @roland-d do you want to get the students to open a separate issue for that (also is that an issue in 3.x or 4 only?)

@roland-d
Copy link
Contributor

@wilsonge It is only an issue in 4.x. I will let @eXsiLe95 create a new PR with a fix for this issue as he found it.

@wilsonge
Copy link
Contributor Author

👍

@wilsonge wilsonge merged commit dbc111f into joomla:4.0-dev Aug 24, 2017
@wilsonge wilsonge deleted the remove-fof branch August 24, 2017 13:19
@wilsonge wilsonge added this to the Joomla 4.0 milestone Aug 24, 2017
@eXsiLe95 eXsiLe95 mentioned this pull request Aug 25, 2017
Merged
@Murat75
Copy link

Murat75 commented Aug 28, 2017

I have tested this item ✅ successfully on cf63da3

I have tested this item ✅ successfully on cf63da3

System Information
Running on XAMPP 7.1.4-0
macOS Sierra Version 10.12.6
Safari Version 10.1.2
PHP 7
Joomla! 4.0-dev (joomla@4.0.0)

Steps

  1. Install XAMP 7.1.4-0 on macOS ✅

  2. Install joomla from github with the branch 4.0-dev ✅

  3. Clone this on your Mac with your Download an ZIP-File and put it on the htdocs ✅

  4. XAMPP on mac is difficult with the user rights, you must be give on terminal the folder admin rights with "chmod 777" to continue install joomla-4 ✅

  5. Install Joomla4 ✅

  6. You must activate the Two Factor Authentication

    1. Backend -> Control Panel -> Extension -> Manage -> Manage and activate Google Authenticator and YubiKey ✅

  7. create user

    1. Backend -> User -> Manage -> create 2 users (1. google, 2. yubi) ✅
    2. give user "google" the Google Authentication Method ✅
    3. give user "yubi" the Yubikey Authentication Method ✅

  8. Go to frontend/site /index.php

    1. Test without TFA

      1. Try to log in with superuser with wrong password -> it works ✅
      2. Try to log in with superuser with additional secret key -> it doestn work because the secret key must be enabled
      3. Login with superuser without TFA -> it works ✅
      4. Log out
      5. Go to /index.php/login
      6. Try to log in with superuser with wrong password -> doesnt work, because wrong password
      7. Try to log in with superuser with additional secret key -> it doestn work because the secret key must be enabled
      8. Login with superuser without TFA -> it works ✅
      9. Log out

    2. Test with Google TFA

      1. Try to log in with Google TFA user with wrong password but no secret key -> it doesnt work, Username and password do not match or you do not have an account yet.
      2. Try to log in with Google TFA user with wrong password and wrong secret key -> doenst work, Username and password do not match or you do not have an account yet.
      3. Try to log in with Google TFA user with wrong password but correct secret key -> doesnt work, Username and password do not match or you do not have an account yet.
      4. Try to log in with Google TFA user with correct password but no secret key -> doesnt work, The two factor authentication Secret Key is invalid.
      5. Try to log in with Google TFA user with correct password but incorrect secret key -> doesnt work, The two factor authentication Secret Key is invalid.
      6. Login with the user with Google TFA with the login box -> it works ✅
      7. Log out
      8. Go to /index.php/login
      9. Try to log in with Google TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      10. Try to log in with Google TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      11. Try to log in with Google TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      12. Try to log in with Google TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      13. Try to log in with Google TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      14. Login with the user with Google TFA with the login box -> it works ✅
      15. Log out

    3. Test with YubiKey

      1. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      4. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      6. Login with the user with YubiKey TFA with the login box -> it works ✅
      7. Log out
      8. Go to /index.php/login
      9. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      10. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      11. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      12. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      13. Try to log in with YubiKey TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      14. Login with the user with YubiKey TFA with the login box -> it works ✅
      15. Log out

  9. Go to backend/administrator <yourinstallpath/administrator

    1. Test without TFA

      1. Try to log in with superuser with wrong password -> Username and password do not match or you do not have an account yet.
      2. Try to log in with superuser with wrong password and additional secret key -> Username and password do not match or you do not have an account yet.
      3. Try to log in with superuser with correct password and additional secret key -> it works ✅
      4. Login with superuser without TFA -> works
      5. Try to log in with superuser with correct password and incorrect secret key -> it works, but there are a Warning with this line: You need to enable two factor authentication in your user profile to use the secret code field. ✅
      6. Log out

    2. Test with Google TFA

      1. Try to log in with Google TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      2. Try to log in with Google TFA user with wrong password and wrong secret key ->Username and password do not match or you do not have an account yet.
      3. Try to log in with Google TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      4. Try to log in with Google TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      5. Try to log in with Google TFA user with correct password but incorrect secret key ->The two factor authentication Secret Key is invalid.
      6. Login with the user with Google TFA with the login box -> it works ✅
      7. Log out

    3. Test with YubiKey TFA

      1. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      4. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret YubiKey -> The two factor authentication Secret Key is invalid.
      6. Login with the user with YubiKey TFA with the login box -> it works ✅
      7. Log out

Now I install the joomla from Wilson with is fixedwrong PR and started the test again.

  1. Go to frontend/site /index.php

    1. Test without TFA

      1. Try to log in with superuser with password -> it works ✅
      2. Try to log in with superuser with additional secret key -> it works, but give an Warning: You need to enable two factor authentication in your user profile to use the secret code field. ✅
      3. Login with superuser without TFA -> it works ✅
      4. Log out
      5. Go to /index.php/login
      6. Try to log in with superuser with wrong password -> doesnt work, Username and password do not match or you do not have an account yet.
      7. Try to log in with superuser with additional secret key -> it works, You need to enable two factor authentication in your user profile to use the secret code field. ✅
      8. Login with superuser without TFA -> it works ✅
      9. Log out

    2. Test with Google TFA

      1. Try to log in with Google TFA user with wrong password but no secret key -> it doesnt work, Username and password do not match or you do not have an account yet.
      2. Try to log in with Google TFA user with wrong password and wrong secret key -> doenst work, Username and password do not match or you do not have an account yet.
      3. Try to log in with Google TFA user with wrong password but correct secret key -> doesnt work, Username and password do not match or you do not have an account yet.
      4. Try to log in with Google TFA user with correct password but no secret key -> doesnt work, The two factor authentication Secret Key is invalid.
      5. Try to log in with Google TFA user with correct password but incorrect secret key -> doesnt work, The two factor authentication Secret Key is invalid.
      6. Login with the user with Google TFA with the login box -> it works ✅
      7. Log out
      8. Go to /index.php/login
      9. Try to log in with Google TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      10. Try to log in with Google TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      11. Try to log in with Google TFA user with wrong password but correct secret key - > Username and password do not match or you do not have an account yet.
      12. Try to log in with Google TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      13. Try to log in with Google TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      14. Login with the user with Google TFA with the login box -> it works ✅
      15. Log out

    3. Test with YubiKey

      1. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      2. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      3. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      4. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      5. Try to log in with YubiKey TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      6. Login with the user with YubiKey TFA with the login box -> it works ✅
      7. Log out
      8. Go to /index.php/login
      9. Try to log in with YubiKey TFA user with wrong password but no secret key -> Username and password do not match or you do not have an account yet.
      10. Try to log in with YubiKey TFA user with wrong password and wrong secret key -> Username and password do not match or you do not have an account yet.
      11. Try to log in with YubiKey TFA user with wrong password but correct secret key -> Username and password do not match or you do not have an account yet.
      12. Try to log in with YubiKey TFA user with correct password but no secret key -> The two factor authentication Secret Key is invalid.
      13. Try to log in with YubiKey TFA user with correct password but incorrect secret key -> The two factor authentication Secret Key is invalid.
      14. Login with the user with YubiKey TFA with the login box -> it works ✅
      15. Log out
        This comment was created with the <a

Tested @icampus

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17687.

roland-d added a commit to roland-d/joomla-cms that referenced this pull request Aug 31, 2017
@roland-d
Merge branch '4.0-dev' of https://github.com/joomla/joomla-cms into r…
ccd9920 
…olandd-4.0-dev

* '4.0-dev' of https://github.com/joomla/joomla-cms: (35 commits)
  Delete redis handler in favor of fw handler (joomla#17798)
  Remove deprecated JArrayHelper (joomla#17795)
  [4.0] codestyle (joomla#17779)
  Update error renderers for PHP 7 code structure, update Exception/Throwable references to only reference Throwable (joomla#17750)
  Improve article association links
  Fix parsing routes with language filter enabled
  Fix JString use
  [4.0] Fix content margin if no "top" modules are assigned (joomla#17699)
  Removed required state for Secret Key field (joomla#17713)
  [4.0] [installation]  set proper default for lastResetTime (joomla#16847)
  [4.0] Remove FOF From Joomla Core (joomla#17687)
  [4.0] Add Controller suffix to extension controllers (joomla#17624)
  Fix menu association form field not loading
  remove html imports (joomla#17691)
  [4.0] Update Bootstrap to beta-1 (joomla#17496)
  Move files
  [4.0] Cleanup classmap and include it properly for stubs generation (joomla#17667)
  Add back class that got deleted somewhere
  Fix Sql field class name (joomla#17666)
  [4.0] Fix namespaced form fields Part 2 (joomla#17664)
  ...
@laoneo laoneo mentioned this pull request Nov 8, 2017
Closed
@zero-24 zero-24 mentioned this pull request Apr 7, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbabker mbabker Awaiting requested review from mbabker

Assignees
No one assigned
Labels
Language Change This is for Translators
Projects
None yet
Milestone
Joomla 4.0
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@wilsonge @eXsiLe95 @brianteeman @roland-d @Murat75 @joomla-cms-bot