catalyst / moodle-tool_mfa

A Multi-Factor Authentication Moodle plugin with flexible support for TOTP, Email, IP and more
https://moodle.org/plugins/tool_mfa

Grace mode quirk with factors that return UNKNOWN status #453

Closed matthewhilton closed 9 months ago

matthewhilton commented 9 months ago

Login banner before being accepted returns an UNKNOWN status.

The grace factor, when checking if other factors pass before redirecting, uses the get_cumulative_weight function. This, however, would stop checking factors if it encountered an UNKNOWN factor. See https://github.com/catalyst/moodle-tool_mfa/blob/29963a6fa7c6538c8ae79d924a034c03d6ff7755/classes/manager.php#L827-L829

So if you had a passing factor below a login banner factor, grace mode would trigger because it would never see the passing factor. So factors that require setup, e.g. TOTP, would get redirected to by grace mode, instead of passing outright.
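
The ordering effect described in the issue above, as an added example: a simplified model written for this page, not code from the plugin or from the issue's author. The function names, the factor rows, the weights and the 100-point pass threshold are all assumptions, and the skip-instead-of-stop variant is shown only for contrast, not as the project's fix.

```php
<?php
// Simplified model of the behaviour described in the issue. All names, weights
// and the 100-point threshold are assumptions for illustration, not plugin code.

const STATE_PASS = 'pass';
const STATE_UNKNOWN = 'unknown';
const PASS_THRESHOLD = 100; // Assumed weight needed to count as authenticated.

/**
 * Sum the weights of passing factors, in the order given.
 *
 * @param array $factors Ordered list of ['name', 'state', 'weight'] rows.
 * @param bool $stoponunknown True models the reported behaviour (stop at the first UNKNOWN factor).
 * @return int Cumulative weight of the passing factors that were seen.
 */
function cumulative_weight(array $factors, bool $stoponunknown): int {
    $total = 0;
    foreach ($factors as $factor) {
        if ($factor['state'] === STATE_UNKNOWN) {
            if ($stoponunknown) {
                break; // Every factor after this one is never examined.
            }
            continue; // Skip the undecided factor, keep checking the rest.
        }
        if ($factor['state'] === STATE_PASS) {
            $total += $factor['weight'];
        }
    }
    return $total;
}

/** Grace mode should only step in when the other factors do not already pass. */
function grace_would_trigger(array $factors, bool $stoponunknown): bool {
    return cumulative_weight($factors, $stoponunknown) < PASS_THRESHOLD;
}

// Constructed sample: a login banner not yet accepted, ordered above a passing factor.
$factors = [
    ['name' => 'loginbanner', 'state' => STATE_UNKNOWN, 'weight' => 0],
    ['name' => 'iprange', 'state' => STATE_PASS, 'weight' => 100],
];

var_dump(grace_would_trigger($factors, true));  // Stops at the banner, passing factor unseen.
var_dump(grace_would_trigger($factors, false)); // Skips the banner, passing factor counted.
```

Swapping the two rows in `$factors` makes both calls agree, which is why the problem only shows up when the UNKNOWN factor is ordered first.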