Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shouldn't two-factor authentication work without cookie consent? #17133

Closed
gvkries opened this issue Dec 6, 2024 · 2 comments · Fixed by #17136
Closed

Shouldn't two-factor authentication work without cookie consent? #17133

gvkries opened this issue Dec 6, 2024 · 2 comments · Fixed by #17136
Assignees
@gvkries
Labels
enhancement

Comments

@gvkries
Copy link
Contributor

gvkries commented Dec 6, 2024

Two-factor authentication is blocked if cookies are not accepted. I think this is not necessary, because authentication cookies are essential and must always be allowed.

See:

OrchardCore/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Index.cshtml

Line 26 in 9a1d682

var canTrack = ViewContext.HttpContext.Features.Get<ITrackingConsentFeature>()?.CanTrack ?? true;

OrchardCore/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Index.cshtml

Lines 36 to 44 in 9a1d682

@if (!canTrack)
{
<div class="alert alert-danger text-center">
<strong>@T["Privacy and cookie policy have not been accepted."]</strong>
<p>@T["You must accept the policy before you can enable two-factor authentication."]</p>
</div>
return;
}

/cc @MikeAlhayek @Piedone
@MikeAlhayek
Copy link
Member

Yeah that condition should be removed. Do you want to submit a PR?

@gvkries
Copy link
Contributor Author

gvkries commented Dec 6, 2024

Alright, I can do it.

@gvkries gvkries self-assigned this Dec 6, 2024
@gvkries gvkries mentioned this issue Dec 6, 2024
Merged
This was referenced Jan 1, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gvkries gvkries

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow two-factor authentication without cookie consent. gvkries/OrchardCore
2 participants
@gvkries @MikeAlhayek