Adds further text to reset button of webdav digest #1552
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When a user has 2FA enabled the WebDAV digest won't be created on sign in. The reason is in RedmineDmsf::Hooks::Controllers:: AccountControllerHooks#controller_account_success_authentication_after where the digest will be created only if the controller parameter ':password' is present. This works for a user authentication with login name and password only. A user with 2fa enabled runs differently through the authentication process and crosses the hook not before the 2fa token was checked. Hence, there won't be a password parameter anymore. Instead of manipulating controller params to provide the password only the button text for reseting the digest will be changed if the user has 2FA but no digest yet. This would make it more explicit that the token is not expected to exist and can be created if missing.
|
Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a user has 2FA enabled the WebDAV digest won't be created on sign in. The reason is in RedmineDmsf::Hooks::Controllers:: AccountControllerHooks#controller_account_success_authentication_after where the digest will be created only if the controller parameter ':password' is present. This works for a user authentication with login name and password only. A user with 2fa enabled runs differently through the authentication process and crosses the hook not before the 2fa token was checked. Hence, there won't be a password parameter anymore.
Instead of manipulating controller params to provide the password only the button text for reseting the digest will be changed if the user has (2FA but) no digest yet. This would make it more explicit that the token is not expected to exist and can be created if missing.