Fix for Double Submit Action in SMS Verification

[Floris999]

Problem: The auto-submit for an SMS verification code can be triggered by two actions:

1. The js_call auto-submit (triggered by an input of 6 numbers).
2. The button in the verification step (a user click action).

Because of this, there are situations where the submit action is triggered twice, especially when the auto-submit takes a bit longer and the user is able to click on the button to submit the verification code. This causes problems because the $_SESSION is unset after submit. So when it runs for a second time, the $_SESSION factor phone variable is empty.

Solution: I have removed the auto-submit to prevent double invocation of setup_user_factor, which causes verification step failure due to session unset. So the submit action is always triggered by a click from the user.

Change in classes/local/form/verification_field.php:

`if ($PAGE->pagelayout === 'secure') { $this->appendjs = true; } else {

/**

• Modification:
• Autosubmit removed to prevent double invocation of setup_user_factor,
• which causes verification step failure due to session unset.
• $PAGE->requires->js_call_amd('tool_mfa/autosubmit_verification_code', 'init', []);
• Modification end.

*/ }`

[justusdieckmann]

I've opened a moodle issue in the tracker with a patch which keeps the auto-submission working: https://tracker.moodle.org/browse/MDL-82838