As a site administrator, I would like to be able to bypass my the TFA setup password checks in the case where initial authentication is handled by a Drupal passwordless system like shibauth.

This builds upon the patch to TFA here https://www.drupal.org/project/tfa/issues/2979978

No harm in declining this, it can just reside here as a possible patch for anyone else facing the use case I have described.

CommentFileSizeAuthor
#2 bypass-password-checks-at-setup-2979983-2.patch5.81 KBswirt

Comments

swirt created an issue. See original summary.

swirt’s picture

swirt
he/him
Primary language English
commented
Status: Active » Needs review
StatusFileSize
new bypass-password-checks-at-setup-2979983-2.patch5.81 KB

This patch merely allows the password verification to by bypassed if the bypass has been enabled.

It does account for the possibility where without a password check, anyone could change anyone elses' TFA application.

damienmckenna’s picture

damienmckenna
Location TN, USA
commented
Assigned: swirt » Unassigned

As a reminder, the "assigned" field should be set to "unassigned" when you're done working on changes - it's for indicating you're actively working on something, so if you're done it's polite to reset it. Thanks :)