Defect #35087
closed
Users without two-factor authentication enabled cannot sign out when two-factor authentication is required
0%
Description
The issue was originally reported in #35086.
Suppose a Redmine instance that projects are public and can be accessed without authentication. You were logged in to Redmine, and one day the admin set two-factor authentication to be required.
But suppose that you want to access the Redmine as an anonymous user without enabling two-factor authentication. So you will try to sign out, but when you click the "Sign out" link, you will get a page asking you to enable two-factor authentication and you cannot sign out. Therefore, the only way for you to access the Redmine as an anonymous user is to delete a cookie or use a different browser.
Files
Related issues
Updated by Go MAEDA over 2 years ago
- File 35087.patch 35087.patch added
The attached patch fixes the issue.
Updated by Go MAEDA over 2 years ago
- Related to Feature #35086: Please consider changing the way how 2FA is set up added
Updated by Go MAEDA over 2 years ago
- Target version set to 4.2.1
Setting the target version to 4.2.1.
Updated by Go MAEDA over 2 years ago
- Status changed from New to Resolved
- Assignee set to Go MAEDA
- Resolution set to Fixed
Committed the patch.