Condition for roles to be excluded should be if user has ANY role needing TFA they should get it

Created on 5 March 2023, almost 2 years ago

Updated 15 March 2023, almost 2 years ago

Problem/Motivation

With the current condition for excluding a user from TFA by role, if a user has multiple roles and one role does NOT need TFA, the user is excluded, even if the user has other roles that SHOULD need TFA.

Steps to reproduce

On a site with multiple user roles, configure Email TFA to exclude only some roles.
Create a user with multiple roles including one or more that are excluded and one or more that are not excluded.
Log in as that user and see that no Email TFA code is required.
Remove from that user the excluded roles, and see that Email TFA is required.

Proposed resolution

Recode the condition so that if a user has ANY roles requiring Email TFA they have to enter the code.

See attached proposed patch.

Remaining tasks

Maintainer review of patch.

User interface changes

N/A

API changes

N/A

Data model changes

N/A

✨ Feature request

Status

Closed: duplicate

Version

1.0

Component

Code

Created by

fl-49

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
fl-49
After I submitted this issue, Email TFA v1.0.6 was released in which another issue already solved this much better than my proposed patch! Thank you to the maintainers, and to mariacha1.

Please close this issue as duplicate but solved.
Status changed to Closed: duplicate almost 2 years ago9:09am 15 March 2023
Comment almost 2 years ago →
🇸🇦Saudi Arabia abdulaziz zaid Riyadh

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024