Defect #35087
Users without two-factor authentication enabled cannot sign out when two-factor authentication is required
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Go MAEDA | % Done: | 0% | |
| Category: | Accounts / authentication | |||
| Target version: | 4.2.1 | |||
| Resolution: | Fixed | Affected version: |
Description
The issue was originally reported in #35086.
Suppose a Redmine instance that projects are public and can be accessed without authentication. You were logged in to Redmine, and one day the admin set two-factor authentication to be required.
But suppose that you want to access the Redmine as an anonymous user without enabling two-factor authentication. So you will try to sign out, but when you click the "Sign out" link, you will get a page asking you to enable two-factor authentication and you cannot sign out. Therefore, the only way for you to access the Redmine as an anonymous user is to delete a cookie or use a different browser.
35087.patch 
(1.34 KB)
Related issues
Associated revisions
Users without two-factor authentication enabled cannot sign out when two-factor authentication is required (#35087).
Patch by Go MAEDA.
History
#2
Updated by Go MAEDA 2 months ago
- Related to Feature #35086: Please consider changing the way how 2FA is set up added