joomla-cms icon indicating copy to clipboard operation
joomla-cms copied to clipboard
verified publisher icon joomla

[4.2] Handle silent response types correctly when empty

Open laoneo opened this issue 3 years ago • 3 comments

Pull Request for Issue #38790.

Summary of Changes

When silent responses types is not set in the user configuration, eg. after an upgrade. Then the MFA captive screen is always shown as soon as the session expires.

The problem is that explode(,', ''); returns an array with an empty element in it but the check is only done if the array of silent response types is empty.

Ping @nikosdion for review

Testing Instructions

  • Enable MFA method like google authenticator on your account
  • Make sure the com_users record in the extension table has params like {}
  • Log in on the front end
  • Delete the session cookie of your joomla site in the dev tools of the browser, but not the one where the name starts with "joomla_remember_me_"

Actual result BEFORE applying this Pull Request

The screen is shown which requires to enter the Verification code. Page can't be browsed.

Expected result AFTER applying this Pull Request

Page loads normal and you are logged in.

laoneo avatar Sep 21 '22 08:09 laoneo

I added a comment on an alternative implementation which should work better with the messier users (I'm sure we have several Chaotic Neutral people using Joomla).

nikosdion avatar Sep 21 '22 08:09 nikosdion

Can you have another look?

laoneo avatar Sep 21 '22 09:09 laoneo

Now it should also work when you put in something like " , " in the user options.

laoneo avatar Sep 21 '22 09:09 laoneo