Admins can't disable TFA for other users [#2471799]

The 'disable TFA' asks for password confirmation - but it always checks the password of the user for whom TFA is being disabled, rather than the current user.

Comment	File	Size	Author
#3	2471799-tfa-basic-admin-disable-3.patch	3.15 KB	coltrane
#3
#1	tfa_basic-admin_disable_tfa-2471799-1.patch	801 bytes	pjcdawkins
#1
	tfa_basic-admin_disable_tfa.patch	0 bytes	pjcdawkins

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

pjcdawkins CreditAttribution: pjcdawkins commented 15 April 2015 at 16:22

File	Size
tfa_basic-admin_disable_tfa-2471799-1.patch	801 bytes

1 file was hidden/shown/deleted

File	Size
tfa_basic-admin_disable_tfa.patch	0 bytes

Comment #2

coltrane

he/him

CreditAttribution: coltrane commented 15 April 2015 at 19:16

Great catch @pjcdawkins! I'll review soon but in the meantime if you're able to add a test for this it'd be helpful.

Comment #3

coltrane

he/him

CreditAttribution: coltrane commented 26 April 2015 at 23:11

File	Size
2471799-tfa-basic-admin-disable-3.patch	3.15 KB

Added test. Going to commit this next.

Comment #4

26 April 2015 at 23:14

coltrane committed 17db775 on 7.x-1.x authored by pjcdawkins

Issue #2471799 by pjcdawkins, coltrane: Let admins disable users TFA

Comment #5

coltrane

he/him

CreditAttribution: coltrane commented 26 April 2015 at 23:14

Status:

Needs review

» Fixed

Committed

Comment #6

pjcdawkins CreditAttribution: pjcdawkins commented 26 April 2015 at 23:15

Thanks!

Comment #7

10 May 2015 at 23:24

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Admins can't disable TFA for other users

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community