joomla-cms icon indicating copy to clipboard operation
joomla-cms copied to clipboard
verified publisher icon joomla

[5.2] MFA and Silent Logins

Open leeroy1821 opened this issue 1 year ago • 6 comments

Pull Request for Issue #42308 .

Replaces #43790

Summary of Changes

Update \Joomla\Plugin\System\Webauthn\PluginTraits\AjaxHandlerLogin. Fix loading user plugins (broken because maybe a b/c break?). Fix wrong events constructors (missing subject, wrong argument order). Fix triggering events (wrong event name passed).

Testing Instructions

  • Create user with MFA and passkey login
  • Users, Manage, Options, Multi-factor Authentication, Multi-factor Authentication after silent login => No.
  • Log out
  • Log in with passkey

Actual result BEFORE applying this Pull Request

Joomla! asks for MFA

Expected result AFTER applying this Pull Request

Joomla does not ask for MFA

Link to documentations

Please select:

  • [ ] Documentation link for docs.joomla.org:

  • [x] No documentation changes for docs.joomla.org needed

  • [ ] Pull Request link for manual.joomla.org:

  • [x] No documentation changes for manual.joomla.org needed

leeroy1821 avatar Jul 15 '24 12:07 leeroy1821

I have tested the code on our test site (J5.1.2) and this fixed the issue. I can login with the passkey, without also needing to use the 2FA token of my security key. Also, the login without the passkey (normal account login + required 2FA token) still works as expected. Excellent! I hope to see this fix in the next Joomla release.

Thanks @leeroy1821

jjnxpct avatar Jul 15 '24 12:07 jjnxpct

I have tested the code on our test site (J5.1.2) and this fixed the issue. I can login with the passkey, without also needing to use the 2FA token of my security key. Also, the login without the passkey (normal account login + required 2FA token) still works as expected. Excellent! I hope to see this fix in the next Joomla release.

Thanks @leeroy1821

@jjnxpct Please go to the issue tracker here https://issues.joomla.org/tracker/joomla-cms/43796 and use the blue "Test this" button at the top left corner, select your test result and submit. Otherwise your test will not be counted. A PR needs 2 successful human tests to get accepted.

richard67 avatar Jul 15 '24 17:07 richard67

I have tested this item :white_check_mark: successfully on 7092eccfebc225fb6ac8752d5361bb500a242384

I have tested the code on our test site (J5.1.2) and this fixed the issue. I can login with the passkey, without also needing to use the 2FA token of my security key. Also, the login without the passkey (normal account login + required 2FA token) still works as expected. Excellent! I hope to see this fix in the next Joomla release.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43796.

jjnxpct avatar Jul 30 '24 07:07 jjnxpct

I have tested this item :white_check_mark: successfully on 7092eccfebc225fb6ac8752d5361bb500a242384

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43796.

viocassel avatar Jul 30 '24 13:07 viocassel

RTC

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43796.

Quy avatar Jul 30 '24 14:07 Quy

I have tested this item :white_check_mark: successfully on 9365fa0e0b430ba138a114f67bc96bbab9baf356

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43796.

jhrenshaw avatar Aug 20 '24 20:08 jhrenshaw

Thank you for your contribution @leeroy1821!

Hackwar avatar Sep 11 '24 21:09 Hackwar