New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
require TwoFA to be verified before updating code base #14251
Comments
What do you mean by "prompted for upgrade"? We screen to complete the upgrade by executing the updates is shown to anyone AFAIK, even to not logged in users if I remember correctly |
Yes, by "prompted for upgrade", I meant the screen showing that an upgrade is available. Matomo initiated the upgrade once I logged in with password, but it didn't require 2FA. It seems to me that it ought to, if 2FA is enabled, no? |
@paulrudy I can't reproduce it. What I would expect is that it shows the "Please update the database screen". We would show this even to a logged out user if you just updated the codebase. This is done in #13796 After logging in, you can access the update screen though directly by opening eg the URL https://matomo.example.com/index.php?module=CoreUpdater&action=newVersionAvailable . |
* require TwoFA to be verified before updating code base fix #14251 * Remove part ofcomment
Sorry for the late reply. Glad my comment was useful, even if I couldn't quite remember accurately. |
When visiting self-hosted Matomo installation (with two-factor authentication enabled):
It seems to me 2 factor authentication should be successfully completed before prompting for upgrade and before permitting initiation of upgrade.
The text was updated successfully, but these errors were encountered: