Contrib.social

Bypass email_tfa if using drush uli

Open on Drupal.org β†’
Created on 28 March 2023, over 1 year ago
Updated 24 August 2023, 10 months ago

This may be a duplicate of https://www.drupal.org/project/email_tfa/issues/3249412 πŸ’¬ One time login Closed: duplicate

Currently, if someone logs into a site that has email_tfa installed using the "drush uli" command, a confirmation email is still sent by email_tfa. While this extra level of security might be desired by some, it could be a major issue for others. For example, if a site is having issues sending mail, and therefore email_tfa is no longer working, it would be impossible for someone to log into the site!

The drush uli command is often used as a way for trusted users with server access to log in. Because someone must already have a fairly high level of access to the server to run this command, email confirmation is likely not needed in most cases. At the very least, I think this should be a configurable setting.

✨ Feature request
Status

Closed: won't fix

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States srdtwc Skokie, IL

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @srdtwc
  • Status changed to Closed: won't fix 10 months ago
  • Comment 10 months ago β†’
    πŸ‡ΈπŸ‡¦Saudi Arabia abdulaziz zaid Riyadh

    Sorry, we can't fix this because the drush uli is the URL for resetting the password.

    You can exclude the user 1 or by role from the settings.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024