Bug #93624
closed
Switch user not possible in case target user activated MFA
100%
Description
In case an admin, having MFA disabled, tries to switch to another user (Switch-User) having MFA enabled, he is redirected to the auth_mfa route to verify MFA for the target user.
Explanation
- Having passed MFA successfully is indicated by the "mfa" key set to true in the user session record
- Since the admin, having MFA disabled, did not pass MFA, no such key exists
- When switching user, the admins' session is transformed into the switch-user session, still missing the "mfa" key
- Since the target user has MFA activated and there is no key in the session, the admin is required to pass MFA for the user which is obviously not possible
Updated by Gerrit Code Review about 3 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68164
Updated by Gerrit Code Review about 3 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68164
Updated by Gerrit Code Review about 3 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68164
Updated by Oliver Bartsch about 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 8eb464799e2dcbf3cb553c296200a32b418ddf68.
Updated by