Contrib.social

Warn users that TFA is incompatible with modules overiding specific routes

Open on Drupal.org β†’
Created on 30 June 2024, 7 months ago
Updated 31 July 2024, 6 months ago

Problem/Motivation

Both modules are overriding user.reset.login route controller and resulting behaviour is unexpected at best and really confusing.

Steps to reproduce

Enable TFA, email_registration and PRLP modules
Configure TFA
Require Authenticated users to have TFA
Register new user
Follow the link in the inbox - the user is present with the Set password form
fill in password fields and submit the form
user is present with the use edit form and a message You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.

Expected result

Submitted password is stored in the user account.

Actual result

Submitted password is ignored.

Proposed resolution

Updated project page and README.md stating that TFA is incompatible with PRLP module.

Remaining tasks

TBD

πŸ“Œ Task
Status

Active

Version

1.0

Component

Documentation

Created by

πŸ‡³πŸ‡ΏNew Zealand RoSk0 Wellington

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @RoSk0
  • Comment 7 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States cmlara

    Does this incompatibility exist with 2.x when πŸ“Œ Use an EventSubscriber to process one time login links Needs work is applied?

  • Status changed to Postponed: needs info 7 months ago
  • Comment 7 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States cmlara
  • Comment 7 months ago β†’
    πŸ‡³πŸ‡ΏNew Zealand RoSk0 Wellington

    I haven't tested on 2.x ... My report was about 8.x-1.x as the current stable one.

  • Status changed to Active 7 months ago
  • Comment 7 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States cmlara

    That would be closer to what I expected.

    I have not validated the interactions however if both modules do implement overriding the same route I would expect incompatibility.

    I would prefer we not have to maintain an exhaustive list as such I would encourage any such documentation be written generically allowing site owners to make judgments based on what they know about their site to make a determination on if they will encounter issues.

  • First commit to issue fork.
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024