SMF icon indicating copy to clipboard operation
SMF copied to clipboard
verified publisher icon SimpleMachines

2.1.3, 2FA admin controls in user profiles do not work correctly

Open LexArma opened this issue 2 years ago • 0 comments

My test sequence, pretty much exactly:

  • Install 2.1.3
  • Login as admin, register a second account, do not touch admin account settings yet
  • Login as second account, set up 2FA, log out
  • Login as admin, try to disable 2FA for second user => Nothing happens.
  • Set up 2FA for admin, then try to disable 2FA for second user => SMF tells you you are about to disable 2FA for admin.
  • Click Disable anyways, you will get notification that "The profile of second user has been updated successfully". (This appears to be true, and Admin retains 2FA.)

Conclusions:

  1. In order to be able to disable a users 2FA, the admin MUST have 2FA set up as well - No idea why.
  2. The warning message before actually doing this, doesn't recognize the edited profile correctly.
  3. The 2 above may be related? Perhaps, this is a clue to why no. 1 happens.

https://www.simplemachines.org/community/index.php?topic=584984.0

LexArma avatar Mar 11 '23 08:03 LexArma