As a site administrator, I would like to be able to use TFA with a non-password based SSO/authentication like shibauth. Unfortunately the password verification in the first step of a user setting up the TFA application prompts them for a Drupal password that they do not have.

I propose creating an option that would be available to other plugins to allow for bypassing that password check. The plugins would have to account for handling it safely, but the option would need to exist in this module.

No harm in declining this; it can just reside here as a possible patch for anyone else facing the use case I have described.

Comments

swirt created an issue. See original summary.

swirt’s picture

Status: Active » Needs review
Attached file: status new, size 1.18 KB

This patch establishes the framework for bypassing the password check when a user sets up their 2FA application.

damienmckenna’s picture

Assigned: swirt » Unassigned

As a reminder, the "assigned" field should be set to "unassigned" when you're done working on changes - it's for indicating you're actively working on something, so if you're done it's polite to reset it. Thanks :)

cmlara’s picture

Status: Needs review » Closed (duplicate)
Related issues: +#2931150: Confirmation forms should not require passwords

With D7 EOL approaching, closing as a duplicate of #2931150: Confirmation forms should not require passwords, which is already open for the 2.x branch.