One setup step remaining, two QR Code Scans required

Updated issue with reproduction steps.

It appears this only occurs when setting up a plugin that is not the 'default' plugin type.

Need to review code to determine what the original intended logic was before evaluating resolutions.

I came across this issue while using multiple plugin types. I can confirm that this only occurs for the plugin types that are not the default plugin type.
The user does not get redirected to the overview but instead also has a "Skip and finish" button. When the user clicks on that button, the status message: "Setup of TFA Email one-time password (EOTP) canceled." appears, which suggests that the setup did not happen but it did.

I removed most of the tfaNextSetupStep() function in a patch, which solved this problem for me. I could not find any further issues without the removed code.

Hi!

I found out that the form plugin was not updating when the form was rebuilding.
I've created a little patch that updates the plugin before the form renders again.

This bug occurred for me while setting up the TFA TOTP validation plugin which I have set as the default plugin. I have no other validation plugins enabled but I do have the TFA Trusted Browser login plugin enabled.

I can confirm the patch provided in #4 🐛 One setup step remaining, two QR Code Scans required Active fixes the issue. Thanks for the fix @tmiguelv.

D.O. has migrated away from patch files.

In order for tests to run we require all submissions to be in the form of a Merge Request.

More details may be found at: https://www.drupal.org/docs/develop/git/using-gitlab-to-contribute-to-dr... →

Quick glancing:
I suspect there will be a PHPCS warning on the comment in the patch file,
I haven’t analyzed the logic flow.

Same here as for tame4tex. Drupal 10.3.13 and tfa module 1.10.0. I had the TOTP method set as default, with a second method enabled. When I tried to set up the TOTP for a user, the code scan was requested twice. This stopped with the patch.

I created an issue fork and committed the patch from #4 by tmiguelv. I fixed the comment to adhere to Drupal guidelines. For me, this works. but I also didn't analyze the logic flow in detail.

I see there are some functional tests already. Why aren't they picking up this behavior? With the patch applied, the second step of the form was setting up the trusted browsers. `TfaTotpSetupPluginTest` probably doesn't use this feature, so it is not a multi-step form. I think, `testPluginSetup` should be copied to a `testPluginSetupMultiStep`. Or should we add a new test for the trusted browser feature?

Quick glance, it appears the tests run with just a single plugin, they would not hit this condition. which is reasonable, the tests as written are plugin specific and should not be testing the rest of the general usage.

Ideally yes this would be a dedicated test that performs a mulit-step setup to validate the multi step form. Ideally built off the test plugins and not the production plugins.

Can also confirm this issue, with TFA 1.10

Validation Plugin: TFA TOTP

1. Add new user
2. Login with new user
3. Prompted to setup TFA
4. Enter password
5. Given QR code, scan the code (Google Auth app)
6. Add application verified code
7. Verify and Save
8. Form reloads, with a new app code, (assumedly new QR code)
9. Scan the QR code again (Google Auth app)
10. Add application verified code
11. Save

Seems to work properly the second time.

This also only seems to happen for a brand new user.... if I 'Reset application' I don't need to do the second QR code scan,

Patch from #4 does seem to fix this (thanks) - I believe it also fixes some other issues I was seeing, IE, the 'Skip and finish' element (I believe) was displaying on the wrong step. It now sits on the 'Trust browser' step which feels proper.