Auto Login Module does not ask for 2FA
Closed this issue · 5 comments
PHP version: 8.2.20
FreeScout version: 1.8.143
Database: MySQL
Are you using CloudFlare: No
Are you using non-official modules: No
Auto Login Module : 1.0.2
Two-Factor Authentication Module: 1.0.11
Hello,
our administrator has activated 2fa “Required For All Users”.
When I want to login, I am asked for the second factor. That's Okay.
But when I click on a link in an email notification, I am logged in directly without having to enter a second factor. That is not okay.
The description of the Auto Login module says:
"If 2FA authentication is enabled the user will be required to pass two-factor authentication."
Is this a bug or have I forgotten to configure something?
Greetings,
Jens
It works as designed.
It works as designed. ???
Just so I understand correctly: the design is that the auto-login module never queries the second factor?
Yes.
But that makes this module a big security hole and I will probably have to switch it off :-(
In addition, your module description is not correct "If 2FA authentication is enabled the user will be required to pass two-factor authentication.”. You should adjust it accordingly.
We've added a notice regarding the Auto Login process.