Closed CERT-BA closed 2 weeks ago
Internal Issue 633
Hi, I opened a PR (Pull 496) related to this. We already use this solution in our company and have to update every time this file. Please have a look on it. :)
@rkaldung Already done and I left you a comment ;-)
@rkaldung Already done and I left you a comment ;-)
Thanks. New PR #502 .
@rkaldung Already done and I left you a comment ;-)
Thanks. New PR #502 .
@rkaldung Could you please check the new PR?
The pull request is part of Znuny 7.0.18 and Znuny LTS 6.5.9. Thank you @CallMeFlanby
Environment
Expected behaviour
API users should be able to login even if 2FA is mandatory. Either by providing the 2FA token in the API login, intruducing api keys which allows an API user to login with or disabling 2FA for API users.
Actual behaviour
If 2FA is mandatory API users cannot login anymore - even if the token is provided within the login request.
How to reproduce
Steps to reproduce the behavior:
Additional information
We temporary fixed the problem by patching the file Kernel/GenericInterface/Operation/Common.pm with the attached patch file - after that the API user can provide the TwoFactorToken within the login request.
Screenshots
Common.pm.patch