Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Account module infinite redirect with two factor challenge page #32059

Closed
PVince81 opened this issue Jul 16, 2018 · 2 comments
Closed

Account module infinite redirect with two factor challenge page #32059

PVince81 opened this issue Jul 16, 2018 · 2 comments
Assignees
Labels
p2-high Escalation, on top of current planning, release blocker Type:Bug
Milestone

Comments

@PVince81
Copy link
Contributor

PVince81 commented Jul 16, 2018

Steps

  1. Enable password_policy app
  2. Enable twofactor_email app (the dummy challenge is "passme")
  3. Login as admin
  4. Create a user "user1"
  5. Login as that user (challenge is "passme")
  6. Log out
  7. Expire the user's password with occ user:expire-password user1
  8. Login as "user1"

Expected result

Challenge page appears, after entering challenge the password expiry page appears.

Actual result

Infinite redirect cancelled by browser.

Version

ownCloud 10.0.9 + password_policy 2.0.0 + twofactor_email 0.0.1 (git)

There is a conflict between both pages wanting to appear after login.
A proposed solution is in PR #32058 to whitelist the two factor challenge page within the account module middleware.

@butonic

@PVince81 PVince81 added Type:Bug p2-high Escalation, on top of current planning, release blocker labels Jul 16, 2018
@PVince81 PVince81 added this to the development milestone Jul 16, 2018
@PVince81 PVince81 self-assigned this Jul 16, 2018
@ownclouders
Copy link
Contributor

GitMate.io thinks possibly related issues are #31547 (Introduce account modules), #10630 (two-factor authentication), #32058 ([stable10] Skip two factor challenge in account module middleware), #25626 (Two factor authentication: Remove the challenge selection step when only one second factor method is available), and #4720 (Feature request: two-factor authentication).

@DeepDiver1975
Copy link
Member

fixed

@PVince81 PVince81 modified the milestones: development, QA Jan 11, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Jan 11, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
p2-high Escalation, on top of current planning, release blocker Type:Bug
Projects
None yet
Development

No branches or pull requests

3 participants