Project

General

Profile

Actions
Copy link

Bug #99397

open

Refresh login does not take MFA into account

Added by Chris Müller over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2022-12-20
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Multi-factor authentication is activated.

Then:
- The user is logged-out of the backend in a non-active tab.
- Activating the tab later shows the refresh login modal.
- Enter the password and submit.
- The (empty) password field is displayed again.

Reloading the tab displays then the MFA field. Entering there the MFA part then the login is performed successfully.

Instead: The MFA field should be displayed directly in the modal after entering the password.

Actions
Copy link
 #1

Updated by Alexander Frey over 1 year ago

Same Problem here with 11.5 and enabled MFA.
Additional information: when trying to enter password in the modal, it doesn't work, if you then click exit or relaod the tab the MFA-input is displayed but following error is thrown:

Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1632154036: MFA setup is not necessary. Do not call this endpoint on your own. | InvalidArgumentException thrown in file /var/www/html/vendor/typo3/cms-backend/Classes/Controller/MfaSetupController.php in line 85. Requested URL: https://domain.ddev.site/typo3/setup/mfa?token=--AnonymizedToken--

After successful login a red error message is display (validation of security token of the form invalid).

Actions
Copy link

Also available in: Atom PDF