Project

General

Profile

Actions

Defect #35087

closed

Users without two-factor authentication enabled cannot sign out when two-factor authentication is required

Added by Go MAEDA almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Accounts / authentication
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

The issue was originally reported in #35086.

Suppose a Redmine instance that projects are public and can be accessed without authentication. You were logged in to Redmine, and one day the admin set two-factor authentication to be required.

But suppose that you want to access the Redmine as an anonymous user without enabling two-factor authentication. So you will try to sign out, but when you click the "Sign out" link, you will get a page asking you to enable two-factor authentication and you cannot sign out. Therefore, the only way for you to access the Redmine as an anonymous user is to delete a cookie or use a different browser.


Files

35087.patch (1.34 KB) 35087.patch Go MAEDA, 2021-04-14 04:27

Related issues

Related to Redmine - Feature #35086: Please consider changing the way how 2FA is set upClosed

Actions
Actions

Also available in: Atom PDF