Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The 'disable TFA' asks for password confirmation - but it always checks the password of the user for whom TFA is being disabled, rather than the current user.
Comment | File | Size | Author |
---|---|---|---|
#3 | 2471799-tfa-basic-admin-disable-3.patch | 3.15 KB | coltrane |
#1 | tfa_basic-admin_disable_tfa-2471799-1.patch | 801 bytes | pjcdawkins |
Comments
Comment #1
pjcdawkins CreditAttribution: pjcdawkins commentedComment #2
coltraneGreat catch @pjcdawkins! I'll review soon but in the meantime if you're able to add a test for this it'd be helpful.
Comment #3
coltraneAdded test. Going to commit this next.
Comment #5
coltraneCommitted
Comment #6
pjcdawkins CreditAttribution: pjcdawkins commentedThanks!