Bug #9188: MFA: logout button fails due to backdoor protection - CB - Joomlapolis forge

Actions

Copy link

Bug #9188

closed

MFA: logout button fails due to backdoor protection

Added by krileon over 1 year ago. Updated about 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

krileon

Target version:

CB 2.8.1

Start date:

07 June 2023

Due date:

% Done:

100%

Estimated time:

Description

CBs system plugin protect access from Joomla's user component being used outside of CB (e.g. backdoor login/registration). However the MFA page has a logout button. Review either removing logout URL blocking or see if MFA can be detected and allow that URL during MFA.

Actions

Copy link

Updated by krileon over 1 year ago

https://www.joomlapolis.com/forum/developer-members-support/245903-issue-with-connexion-module#334115

Actions

Copy link

Updated by krileon over 1 year ago

isHandlingMultiFactorAuthentication is called after onAfterRoute, which is what CB is using to trigger its redirects. afterDispatch (fired after isHandlingMultiFactorAuthentication) can't really be used as redirects before ours would take priority.

Actions

Copy link