This repository has been archived by the owner on Dec 1, 2023. It is now read-only.

Backend password confirmation issue #6

Open
fhamelin opened this issue Oct 1, 2021 · 1 comment

fhamelin commented Oct 1, 2021

The backend password confirmation when navigating in the Admin tools section does not work if failedTries is set to 0 or the number of failed tries is over this setting.

Process

  1. Navigate to Admin Tools > Settings. You will be prompted with a "Confirm with user password" modal.
  2. If your failedTries setting is not 0, type as many wrong passwords as needed to get a captcha.
  3. Type your password.

Expected result

Password is confirmed and the Settings page appears.

Current result

Invalid password

Possible Fix

  • In the authUser() function of the CaptchaService class, validate that $this->login['status'] != 'sudo-mode' before validating the captcha response
    Or
  • Add a captcha to the "Confirm with user password" modal
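
The first proposed fix, as an added sketch that is not part of the original post and not the extension's code: `CaptchaServiceSketch`, its constructor parameters and `captchaIsValid()` are hypothetical stand-ins, and the return codes assume the TYPO3 auth-service convention (100 passes the request on to the next service, 0 rejects it).

```php
<?php
declare(strict_types=1);

// Stand-in for the extension's CaptchaService; not the project's code.
// Assumed return codes: 100 = no objection, the next service checks the
// password; 0 = reject the login attempt.
final class CaptchaServiceSketch
{
    /** @var array{status: string} login data as handed to the auth service */
    public array $login = ['status' => 'login'];

    public function __construct(
        private int $failedTriesSetting, // the failedTries setting from the issue
        private bool $skipInSudoMode     // false = reported behaviour, true = proposed fix
    ) {}

    public function authUser(int $failedCount, ?string $captchaResponse): int
    {
        // Proposed fix: the sudo-mode modal renders no captcha, so there is
        // no response to validate; hand over to the password check.
        if ($this->skipInSudoMode && $this->login['status'] === 'sudo-mode') {
            return 100;
        }
        // Captcha applies when failedTries is 0 or the counter is over the setting.
        $captchaRequired = $this->failedTriesSetting === 0
            || $failedCount > $this->failedTriesSetting;
        if (!$captchaRequired) {
            return 100;
        }
        return $this->captchaIsValid($captchaResponse) ? 100 : 0;
    }

    private function captchaIsValid(?string $response): bool
    {
        // Constructed check; a real service would ask the captcha provider.
        return $response === 'constructed-valid-token';
    }
}

// Constructed scenario: failedTries = 0, request comes from the sudo-mode modal.
foreach ([false, true] as $withFix) {
    $service = new CaptchaServiceSketch(0, $withFix);
    $service->login['status'] = 'sudo-mode';
    $result = $service->authUser(0, null);
    printf("fix=%s -> authUser() returned %d\n", $withFix ? 'yes' : 'no', $result);
}
```

With the skip in place the password confirmation has no captcha in front of it, so any throttling of repeated confirmation attempts has to come from elsewhere; the second option in the list keeps the captcha on the modal instead.
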
@dieMelanie
Member

Created internal ticket for this (sorry for the delay)
