Skip to content
Snippets Groups Projects

Issue #3394219: Import canLoginWithoutTfa from SA-CONTRIB-2023-030

Files
6
+ 4
50
@@ -5,7 +5,6 @@ namespace Drupal\tfa\Form;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RedirectDestinationInterface;
use Drupal\Core\TempStore\PrivateTempStore;
use Drupal\Core\Url;
use Drupal\tfa\TfaLoginContext;
use Drupal\tfa\TfaLoginContextFactory;
use Drupal\tfa\TfaLoginTrait;
@@ -105,8 +104,10 @@ class TfaLoginForm extends UserLoginForm {
if ($this->loginContext->isReady()) {
$this->loginWithTfa($form_state, $this->loginContext);
}
else {
$this->loginWithoutTfa($form_state);
elseif ($this->loginContext->canLoginWithoutTfa()) {
$this->loginContext->hasSkipped();
$this->loginContext->doUserLogin();
$form_state->setRedirect('<front>');
}
}
}
@@ -145,53 +146,6 @@ class TfaLoginForm extends UserLoginForm {
}
}
/**
* Handle the case where TFA is not yet set up.
*
* If the user has any remaining logins, then finalize the login with a
* message to set up TFA. Otherwise, leave the user logged out.
*
* @param \Drupal\Core\Form\FormStateInterface $form_state
* The state of the login form.
*/
protected function loginWithoutTfa(FormStateInterface $form_state): void {
// User may be able to skip TFA, depending on module settings and number of
// prior attempts.
$remaining = $this->loginContext->remainingSkips();
if ($remaining) {
$user = $this->loginContext->getUser();
if ($user->hasPermission('setup own tfa')) {
$tfa_setup_link = Url::fromRoute('tfa.overview', [
'user' => $user->id(),
])->toString();
$message = $this->formatPlural(
$remaining - 1,
'You are required to <a href="@link">setup two-factor authentication</a>. You have @remaining attempt left. After this you will be unable to login.',
'You are required to <a href="@link">setup two-factor authentication</a>. You have @remaining attempts left. After this you will be unable to login.',
['@remaining' => $remaining - 1, '@link' => $tfa_setup_link]
);
$this->messenger()->addError($message);
}
else {
$message = $this->formatPlural(
$remaining - 1,
'You are required to setup two-factor authentication however your account does not have the necessary permissions. Please contact an administrator. You have @remaining attempt left. After this you will be unable to login.',
'You are required to setup two-factor authentication however your account does not have the necessary permissions. Please contact an administrator. You have @remaining attempts left. After this you will be unable to login.',
['@remaining' => $remaining - 1]
);
$this->messenger()->addError($message);
}
$this->loginContext->hasSkipped();
$this->loginContext->doUserLogin();
$form_state->setRedirect('<front>');
}
else {
$message = $this->config('tfa.settings')->get('help_text');
$this->messenger()->addError($message);
$this->logger('tfa')->notice('@name has no more remaining attempts for bypassing the second authentication factor.', ['@name' => $this->getUser()->getAccountName()]);
}
}
/**
* Login submit handler for TFA form redirection.
*
Loading