silverstripe / silverstripe-mfa

MultiFactor Authentication for Silverstripe CMS
BSD 3-Clause "New" or "Revised" License

Cannot login locally when MFAEnabled in SiteConfig, even when config enabled = false #380

Closed Leapfrognz closed 4 years ago

Leapfrognz commented 4 years ago

Issue: I cannot log in to /admin on my dev environment if MFAEnabled in the database is on, even if config enabled is off.

Steps to reproduce:

  1. Download a snapshot of the database from Prod with SiteConfig MFAEnabled true (or just change it manually in your DB).
  2. Go to /admin on local and you will be redirected to the login form
  3. Submit as usual.
  4. You will be redirected back to the login form

It seems that the login form just redirects to itself if it finds that MFA is disabled. I think because it calls redirectAfterSuccessfulLogin on the MFA authenticator class, not its parent class, even when MFA is disabled.

I'm getting this in a fresh install of CWP Recipe 2.5.

Cheddam commented 4 years ago

Hey @Leapfrognz, thanks for raising this. We've had a few different edge-cases reported recently, and I'm focussing on the positive indication that the module is getting some traction 😉

I've raised a fix for the 4.0 branch at #381, and I'll get a patch release out the door once it's merged.

Leapfrognz commented 4 years ago

Cool, thanks. Yes, we have a lot of Gov clients asking for this as an alternative to IP whitelisting /admin (which is iffy at best during lockdown for people with dynamic IPs and unstable VPNs). For the most part it is stable and works, just edge cases like you said. Sorry, I didn't see #381.

Cheddam commented 4 years ago

This is resolved as of 4.0.6 and 3.0.1.