This project is not covered by Drupal’s security advisory policy.
There is an open security issue: Unwanted bypass on second login
This module is used to address the UX concerns and general problems that exist when trying to allow users to set up their own two-factor authentication.
#2838432: Self login and tfa account setup
The module alters core user login, profile and one-time login forms to route users to the TFA setup screens if they have not yet completed them.
If you happen to be using the OpenAtrium install profile, you may also want to apply the attached patch; without it, users who have previously set up TFA and are trying to reset their password will be redirected to either a home or spaces page when attempting one-time login...not the TFA verification form.
| Attachment | Size |
|---|---|
| oa_core_login_get_destination_pass_reset.patch | 641 bytes |
Project information
- Project categories: Access control
10 sites report using this module- Created by natemow on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
