Contrib.social

Evaluate if allowUserSetupAccess should be on API or removed

Open on Drupal.org β†’
Created on 30 March 2024, 10 months ago

Problem/Motivation

allowUserSetupAccess was added to the tfa_trusted_browser plugin in #3075304: Users' recovery codes exposed to admin users β†’ . It was not added to formal API however it is used as part of the access control checks.

We should evaluate if we wish to keep this method. If so what what plugin types should implement this method. If not we should remove the method and calls.

Steps to reproduce

N/A

Proposed resolution

TBD

Remaining tasks

TBD

User interface changes

TBD

API changes

TBD

Data model changes

None

πŸ“Œ Task
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States cmlara

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024