Account module infinite redirect with two factor challenge page

[PVince81]

Steps

1. Enable password_policy app
2. Enable twofactor_email app (the dummy challenge is "passme")
3. Login as admin
4. Create a user "user1"
5. Login as that user (challenge is "passme")
6. Log out
7. Expire the user's password with occ user:expire-password user1
8. Login as "user1"

Expected result

Challenge page appears, after entering challenge the password expiry page appears.

Actual result

Infinite redirect cancelled by browser.

Version

ownCloud 10.0.9 + password_policy 2.0.0 + twofactor_email 0.0.1 (git)

There is a conflict between both pages wanting to appear after login.
A proposed solution is in PR #32058 to whitelist the two factor challenge page within the account module middleware.

@butonic

[ownclouders]

GitMate.io thinks possibly related issues are #31547 (Introduce account modules), #10630 (two-factor authentication), #32058 ([stable10] Skip two factor challenge in account module middleware), #25626 (Two factor authentication: Remove the challenge selection step when only one second factor method is available), and #4720 (Feature request: two-factor authentication).

[DeepDiver1975]

fixed