- Issue created by @zebda
- 🇺🇸 United States cmlara
Re-tagging as at the moment this sounds like a support request not a feature request.
I as an admin want to reset the account so the user can log in again and can start with a new authentication.
I'm a bit confused on what is being asked. This sounds exactly like what Disabling TFA does? TFA is removed and they are able to start again without tokens hampering their login?
Could you better describe the operations workflow you are looking for to help understand what options might be available?
- 🇳🇱 Netherlands zebda
Sorry if I wasn't clear in my first post. I want the settings of one user to be reset not disabled.
- Disabling will disable TFA for an account. So this user can, when TFA is not enabled again, log in without TFA.
- Reset will only reset all settings so the user is forced to set up authentication again, otherwise the user will be blocked after 3 times logging in without validation.
When you disable TFA and enable TFA for a user the account is reset and the user is forced to authenticate again. But this is not what I want because I want the user to be able to reset its TFA settings, for example when the user bought a new phone, without being able to disable TFA altogether. Because I want all my users to use TFA.
Hope it is more clear what I am looking for.
- 🇺🇸 United States cmlara
A quick test in my lab indicates that if a user has a role that is configured in TFA Settings as "required to set up TFA" it will enforce the counter after TFA has been disabled by an admin for that user.
A skip limit of 1 would allow a user to log in and require them to set up a second factor immediately.
- 🇳🇱 Netherlands zebda
I also tried this but I see I had my skip limit higher than I thought. So yes this does work. What I am wondering though is what does enabling TFA do if disabling doesn't disable TFA but resets it? Maybe it is an idea to rename this option?
- 🇺🇸 United States cmlara
What I am wondering though is what does enabling TFA do if disabling doesn't disable TFA but resets it?
It does update at least one data field to mark TFA as 'enabled' for the user, though in many cases it doesn't have a direct user impact. It does cause additional internal logic to trigger that otherwise would not. It also leaves room for our logic to possibly change in the future if need be.
For users not required, the disabling and enabling makes sense, but for users where it is required you can't disable it; you are indeed resetting the settings.
In both cases it does actually Disable TFA and causes our logic to 'bail out' early, it is just when the user role has been configured to require TFA they are forced at login to re-enable it.
- 🇳🇱 Netherlands zebda
Thanks for the explanation. It is clear to me what happens now and it is the feature I'm looking for.
- Status changed to Closed: works as designed
almost 2 years ago 6:05pm 17 October 2023