2amigos / yii2-usuario

Highly customizable and extensible user management, authentication, and authorization Yii2 extension
https://github.com/2amigos/yii2-usuario

Two Factor - Filter - Blocks even when enabled #515

Closed deadmantfa closed 6 months ago

deadmantfa commented 1 year ago

What steps will reproduce the problem?

Enable 2FA, use the filter on all actions (TwoFactorAuthenticationEnforceFilter); it will keep redirecting to enable 2FA.

What is the expected result?

If enabled, the action should continue and not give a warning to enable 2FA.

What do you get instead?

Warning - "Your role requires 2FA, you won't be able to use the application until you enable it"

maxxer commented 1 year ago

The filter was conceived to be used only on required actions, not for everything. What's the purpose of adding this filter if you have 2fa disabled?

Can you propose some use case?

deadmantfa commented 1 year ago

If I looked at the filter correctly, this was to ensure that users are using 2FA if it's disabled. It does not ask the user to show the 2FA screen for any action, but rather redirects them to enable the same.

It can be used as suggested, but it will still break, as the filter does not check if the user with that particular role or permission has enabled 2FA. If you look at the commit I made, it just checks if the user has enabled the 2FA, and the warning should not appear but continue the action.

maxxer commented 1 year ago

I apologise, I misread the request.

Please add an entry to the changelog and I'll merge right away.

deadmantfa commented 1 year ago

@maxxer my apologies for not updating this sooner. I have been going through some health issues. I have updated the Changelog and updated the pull request. Kindly do the needful.

Thank you

maxxer commented 6 months ago

PR merged, should fix this issue