From 68d5b50c62b1637619fdb6761ac61588d0d69b60 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 3 Nov 2022 07:47:24 +0000
Subject: [PATCH] Bug 32066: Check 2FA pref in check_cookie_auth
Test plan:
Without this patch:
1. Set the syspref TwoFactorAuthentication (enforce or enabled)
2. Configure 2FA for a patron
3. Logout
4. Authenticate but don't enter the 2FA code
5. Switch off the syspref (disabled) [via another browser or so]
6. Patron is stuck on the [original] login screen. [Only removing the session cookie would resolve it.]
With this patch:
1. Follow the steps above again. But note that you can refresh your browser window to get in now.
2. Verify that Auth.t passes now too.
Signed-off-by: Marcel de Rooy
Signed-off-by: Kyle M Hall
Signed-off-by: Tomas Cohen Arazi
---
 C4/Auth.pm | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index b6933e4cc6..8bd13e88e1 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1784,11 +1784,13 @@ sub check_cookie_auth {
 $session->param('desk_id'), $session->param('desk_name'), $session->param('register_id'), $session->param('register_name') );
- return ( "additional-auth-needed", $session )
- if $session->param('waiting-for-2FA');
+ if ( C4::Context->preference('TwoFactorAuthentication') ne 'disabled' ) {
+ return ( "additional-auth-needed", $session )
+ if $session->param('waiting-for-2FA');
- return ( "setup-additional-auth-needed", $session )
- if $session->param('waiting-for-2FA-setup');
+ return ( "setup-additional-auth-needed", $session )
+ if $session->param('waiting-for-2FA-setup');
+ }
 return ( "ok", $session );
 } else {
--
2.39.5
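Review bot: In the new `if` block of check_cookie_auth, a session that still carries `waiting-for-2FA` or `waiting-for-2FA-setup` is returned as `ok` whenever the preference reads `disabled`, and nothing in the code records that promoting a password-only session this way is deliberate. A comment above the condition, for example `# 2FA is switched off site-wide: sessions still pending a second factor are treated as fully authenticated`, would make that decision visible to the next reader. The flags are left in the session, so re-enabling the preference puts the same session back into the pending state, which looks like the safe direction; any other code that reads these flags directly (none is visible in this hunk) would need the same preference test to stay consistent. The `ne 'disabled'` comparison appears to fail closed if the preference comes back undefined, at the cost of an uninitialized-value warning. check_cookie_auth begins and ends outside the hunk, so callers of the `ok` return are not visible here.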