Logout button doesn't work when in 2FA window

[Akhun-Delar]

When being asked for 2FA while logging in, the logout button doesnt work. Instead, the page is being reloaded.

[yurabakhtin]

@luke- I could reproduce this only when I open the logout url in new tab/window, because in such case the url is requested with GET method, but on normal click we open the logout url as POST request, because the action has $this->forcePostRequest(); and for me the click on the logout link works well, i.e. I get log out as expected.

[luke-]

@Akhun-Delar Can you please provide more details?

[Akhun-Delar]

Of course. I've set up a demo under twofabugtest.humhub.com - User is AkhunDelar, password is t5HXYh9x - the 2FA window is active then. I tested with Firefox and Chrome, latest stable version under Windows 11 and Debian 10.9 (fresh install in VirtualBox).

The test instance is the standard installation with all recommended modules + 2FA and imported sample data. 2FA module is configured to Auth app only. No other changes or settings.

Feel free to purge the instance after.

@luke- @yurabakhtin

[yurabakhtin]

@luke- @Akhun-Delar Yes, I can reproduce this on the twofabugtest.humhub.com side. It doesn't work there correctly because the logout link has no attribute data-method="POST". We already fixed this here https://github.com/humhub/twofa/pull/36/files#diff-6b50c5c79652c49abaff914c86163ba66bb7e98736f436d6d440a588b365ab6aR45 as it was requested here https://github.com/humhub/team_tasks/issues/138#issuecomment-905631296, i.e. the site twofabugtest.humhub.com has an old version of the module "2FA".

[luke-]

Release https://github.com/humhub/twofa/releases/tag/v1.0.6