Project

General

Profile

Actions

Defect #35087

closed

Users without two-factor authentication enabled cannot sign out when two-factor authentication is required

Added by Go MAEDA over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Accounts / authentication
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

The issue was originally reported in #35086.

Suppose a Redmine instance that projects are public and can be accessed without authentication. You were logged in to Redmine, and one day the admin set two-factor authentication to be required.

But suppose that you want to access the Redmine as an anonymous user without enabling two-factor authentication. So you will try to sign out, but when you click the "Sign out" link, you will get a page asking you to enable two-factor authentication and you cannot sign out. Therefore, the only way for you to access the Redmine as an anonymous user is to delete a cookie or use a different browser.


Files

35087.patch (1.34 KB) 35087.patch Go MAEDA, 2021-04-14 04:27

Related issues

Related to Redmine - Feature #35086: Please consider changing the way how 2FA is set upClosed

Actions
Actions #1

Updated by Go MAEDA over 3 years ago

The attached patch fixes the issue.

Actions #2

Updated by Go MAEDA over 3 years ago

  • Related to Feature #35086: Please consider changing the way how 2FA is set up added
Actions #3

Updated by Go MAEDA over 3 years ago

  • Target version set to 4.2.1

Setting the target version to 4.2.1.

Actions #4

Updated by Go MAEDA over 3 years ago

  • Status changed from New to Resolved
  • Assignee set to Go MAEDA
  • Resolution set to Fixed

Committed the patch.

Actions #5

Updated by Go MAEDA over 3 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF