Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure 2FA is not loaded when safemode is triggered #18501

Merged
merged 1 commit into from Dec 15, 2021
Merged

Ensure 2FA is not loaded when safemode is triggered #18501

merged 1 commit into from Dec 15, 2021

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Dec 14, 2021

Description:

While testing another PR including some db schema changes I observed some weird issue, where while loading the update page the page for setting up 2FA was displayed.

The reason for that took me a while to figure out:

When opening Matomo the updater was triggered due to the version change. While the update is being prepared those components not having an update file are already updated (e.g. version is adjusted in option table). That update triggers an event, which causes the TagManager to update the containers. In my case updating the containers ran into a maximum execution time exceeded error. That error should then actually be displayed in the safemode screen. But as this error happened within a method running within Access::doAsSuperUser, the login was temporary set to super user was set. This caused the 2FA is forced screen to be rendered instead (as I had force 2FA enabled).

Steps to reproduce the error on 4.x-dev

  • Setup 2FA for super user account
  • Enable Enforce 2FA
  • Logout from Matomo
  • switch to a branch containing database & version update, or simulate that by running a db query like UPDATE matomo_option SET option_value='4.5.0-b1' WHERE option_value='4.7.0-b1'
  • Adjust plugins\TagManager\TagManager.php and add this lines somewhere within Access::doAsSuperUser (around line 270) 
    set_time_limit(1);
sleep(2);
  • Open Matomo, which should trigger the Updater
  • The above added lines will trigger an execution time error causing 2FA setup to be displayed

Review

@sgiehl sgiehl added Bug For errors / faults / flaws / inconsistencies etc. Needs Review PRs that need a code review labels Dec 14, 2021
@sgiehl sgiehl added this to the 4.7.0 milestone Dec 14, 2021
@sgiehl sgiehl merged commit 8006582 into 4.x-dev Dec 15, 2021
@sgiehl sgiehl deleted the 2fasafemode branch December 15, 2021 10:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsteur tsteur tsteur approved these changes

Assignees
No one assigned
Labels
Bug For errors / faults / flaws / inconsistencies etc. Needs Review PRs that need a code review
Projects
None yet
Milestone
4.7.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sgiehl @tsteur