Skip to content
Snippets Groups Projects
Commit 8eb46479 authored by Oliver Bartsch's avatar Oliver Bartsch Committed by Georg Ringer
Browse files

[BUGFIX] Skip MFA in switch-user mode 

In case of switching to a user, having MFA enabled,
with a user, having MFA disabled, the switching user
is required to pass the target users' MFA, because the
transformed session does not contain the `mfa` key.

Since it's obviously not possible to pass another users'
MFA, we need some exception for such scenario.

Therefore, the evaluateMfaRequirements() method
from AbstractUserAuthentication is overwritten by
BackendUserAuthentication to check if the current
session is a switch-user session. In this case,
MFA is skipped. Otherwise the parent method is
executed. Skipping MFA will be logged.

Resolves: #93624
Releases: master
Change-Id: I0625b23bee5aa202a20e2bb7ad46b6e606769134
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68164


Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: default avatarcore-ci <typo3@b13.com>
Tested-by: default avatarRichard Haeser <richard@richardhaeser.com>
Tested-by: default avatarGeorg Ringer <georg.ringer@gmail.com>
Reviewed-by: default avatarBenni Mack <benni@typo3.org>
Reviewed-by: default avatarMarkus Klein <markus.klein@typo3.org>
Reviewed-by: default avatarRichard Haeser <richard@richardhaeser.com>
Reviewed-by: default avatarGeorg Ringer <georg.ringer@gmail.com>
parent ab6540fc
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment