Access to user/{user}/security/tfa is denied depending on user entity or database types.
The $is_self = $account->id() === $target_user->id(); line in \Drupal\tfa\Controller\TfaLoginController::accessSelfOrAdmin expects id calls on both sides to be the exact same type, however depending on the storage backend, or if entity class is overridden with strict types, either side may not be the same type.
An ID call may return a numeric string or strict integer.
Use a database backend which returns true ints.
Or, create a bundle class with id(): int method override
The equality operator should either be less strict ==, or preferably each side coerce to integer before comparison.
Implement
Nil
Nil
Nil
Show commandsStart within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes, plain diff MR !16
Comments
Comment #3
dpiComment #4
jcnventuraTest-only also passed, so those tests don't seem to be doing much at all. I'm OK with just the 1-line change (i.e. "The fix").
Comment #5
dpiMight be because I pushed them too close together. I think DrupalCI only pulls latest, not specific commits.
It does fail locally when I checkout only the tests.
Mind pushing the tests also? theres no config only essentials test in the repo afaict. Plus the return type in test entity is important.
The critical line is
tests/modules/tfa_test_user/src/Entity/TfaTestUser.php:18Comment #6
jcnventuraOK. That indeed failed. Setting it to RTBC, as I've seen already what the tests are going to do, and the fix is trivial to check anyway.
Comment #9
jcnventura