New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Two-factor: should it fail if configured but dependencies missing? #13832

Closed
ibennetch opened this Issue Nov 23, 2017 · 4 comments

Comments

Projects
None yet
2 participants
@ibennetch
Member

ibennetch commented Nov 23, 2017

This is another corner case but I think we should address it.

I've configured a user with two-factor authentication but then removed the dependencies, so phpMyAdmin can't use two-factor authentication to authenticate the user. When I go to log in as that user, I'm not prompted in any way and I'm able to log in through the usual method with only a password.

I propose that in this case; when a user has two-factor authentication enabled but it's not available through phpMyAdmin, we should still deny login.

@nijel nijel added the enhancement label Nov 24, 2017

@nijel nijel self-assigned this Nov 24, 2017

@nijel nijel added this to the 4.8.0 milestone Nov 24, 2017

@nijel nijel closed this in 5867fad Nov 24, 2017

@ibennetch

This comment has been minimized.

Show comment
Hide comment
@ibennetch

ibennetch Nov 27, 2017

Member

Much better, thanks. However, the "Verify" button is still visible but doesn't seem to do anything. We probably should hide that as well. See the attachment:

image

Member

ibennetch commented Nov 27, 2017

Much better, thanks. However, the "Verify" button is still visible but doesn't seem to do anything. We probably should hide that as well. See the attachment:

image

@ibennetch ibennetch reopened this Nov 27, 2017

@ibennetch

This comment has been minimized.

Show comment
Hide comment
@ibennetch

ibennetch Nov 27, 2017

Member

(I wasn't sure if I should re-open this or start a new issue, feel free to close this and I'll repost if that's easier to track)

Member

ibennetch commented Nov 27, 2017

(I wasn't sure if I should re-open this or start a new issue, feel free to close this and I'll repost if that's easier to track)

@nijel nijel closed this in c7e0782 Nov 27, 2017

@ibennetch

This comment has been minimized.

Show comment
Hide comment
@ibennetch

ibennetch Nov 27, 2017

Member

Now it doesn't show the Verify button even when it should (I can press 'Enter' and it still works correctly aside from the missing button).

Member

ibennetch commented Nov 27, 2017

Now it doesn't show the Verify button even when it should (I can press 'Enter' and it still works correctly aside from the missing button).

@ibennetch ibennetch reopened this Nov 27, 2017

@nijel nijel closed this in b8fb7f2 Nov 27, 2017

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Nov 27, 2017

Member

Thanks, I should properly test both cases next time. I was testing U2F only and it doesn't show the button anyway, so I didn't notice.

Member

nijel commented Nov 27, 2017

Thanks, I should properly test both cases next time. I was testing U2F only and it doesn't show the button anyway, so I didn't notice.

nijel added a commit that referenced this issue Nov 28, 2017

Fix php5 compatibility
Issue #13832

Signed-off-by: Michal Čihař <michal@cihar.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment