If the tfa and tfa_basic modules are in use on a site alongside the legal module and tfa is enabled for a role and a user with that role who has already set up their tfa access tries to reset their password they will receive an access denied error on a password reset instead of being prompted for their tfa code after agreeing to the Terms & Conditions from legal.
This issue seems to be closely related to: https://www.drupal.org/project/legal/issues/1644018 but I am unsure how to fix that issue for the time being and am proposing a work around for this specific use case: the option to bypass the Terms & Conditions displayed from legal on password resets.
Comments
Comment #2
JayDarnellComment #3
JayDarnellPotential patch to bypass legal Terms and Conditions for password resets:
Comment #4
JayDarnellFixed an issue: missing strict comparison and moved logic for password reset bypass into a separate function for readability:
Comment #5
swirtComment #6
apadernoComment #7
helmo CreditAttribution: helmo at Initfour websolutions for DNV GL commentedThanks, this patch worked just great.