Defect #35087
Users without two-factor authentication enabled cannot sign out when two-factor authentication is required
Status: | Closed | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | % Done: | 0% | ||
Category: | Accounts / authentication | |||
Target version: | 4.2.1 | |||
Resolution: | Fixed | Affected version: |
Description
The issue was originally reported in #35086.
Suppose a Redmine instance that projects are public and can be accessed without authentication. You were logged in to Redmine, and one day the admin set two-factor authentication to be required.
But suppose that you want to access the Redmine as an anonymous user without enabling two-factor authentication. So you will try to sign out, but when you click the "Sign out" link, you will get a page asking you to enable two-factor authentication and you cannot sign out. Therefore, the only way for you to access the Redmine as an anonymous user is to delete a cookie or use a different browser.
Related issues
Associated revisions
Users without two-factor authentication enabled cannot sign out when two-factor authentication is required (#35087).
Patch by Go MAEDA.
History
#2
Updated by Go MAEDA over 1 year ago
- Related to Feature #35086: Please consider changing the way how 2FA is set up added
#3
Updated by Go MAEDA over 1 year ago
- Target version set to 4.2.1
Setting the target version to 4.2.1.
#4
Updated by Go MAEDA over 1 year ago
- Status changed from New to Resolved
- Assignee set to Go MAEDA
- Resolution set to Fixed
Committed the patch.
#5
Updated by Go MAEDA over 1 year ago
- Status changed from Resolved to Closed