@Starker3 opened this Issue on October 24th 2022 Contributor

Similar to https://github.com/matomo-org/plugin-LoginLdap/issues/310

In some cases a Matomo admin might want to disable the password prompt that they get when performing any admin actions in a Matomo instance (Eg. creating a new user, changing settings, etc.)

For Matomo instances that have a high number of users and/or measurables this can mean that a Matomo admin enters their password for confirmation many times in a potentially short period of time.

With the new Password prompt implementation it is possible to disable the requirement for a password and instead just have a "Yes/No" prompt: https://github.com/matomo-org/matomo/pull/19525

However, from a security standpoint it would likely be best to have this still enabled by default and perhaps add a config option that could disable the password prompt.

@peterhashair commented on October 25th 2022 Contributor

I will put this in the backlog for prioritization. But this may be will cause a security concern.

@xpufx commented on October 28th 2022

I installed matomo 10 minutes ago and I am about ready to give up due to this weird behavior. Please make it optional as soon as possible. It's super annoying.

@justinvelluppillai commented on October 31st 2022 Member

@mattab this is a fairly regular request after we made changes for security purposes. Perhaps we could provide workarounds for certain use cases.

See also #19772

@mattab commented on October 31st 2022 Member

How do other Saas tools like Github handle this? Do they remember for like 5minutes that the password was given, or something like this? There must be a common way to solve this problem and it would be great to learn what it is so we don't have to reinvent the wheel (and ideally we don't introduce a new setting...)

@lance-matomo commented on November 8th 2022

There are a couple of Wordpress plugin users that can't use these password protected features at all, they keep getting incorrect password notifications. They tried updating their passwords, using simpler passwords, using more complex passwords and updating their passwords directly in the db. Nothing worked for them. I was unable to reproduce this locally.

@mattab commented on November 8th 2022 Member

Proposed solution

  • introduce a new INI setting to let people disable the password confirmation.
  • create a new FAQ "How do I disable the password confirmation prompt?" that explains how it's not recommended because it lowers security, but when it's required for some reason, it's possible.
  • both core & WP users could leverage this setting if needed

For now i'd say we don't need to link to the FAQ within the app itself, as I guess it's very rarely needed so not worth maybe.

@sgiehl commented on November 9th 2022 Member

It is kind of already possible to disable the password check by adding this to config/config.php

<?php

return [
    'observers.global' => \DI\add([
        ['Login.userRequiresPasswordConfirmation', \DI\value(function (&$requiresPasswordConfirmation, $login) {
            $requiresPasswordConfirmation = false;
        })],
    ]),
];

That way the password confirmation boxes are still shown, but you can simply click ok, without entring a password.
Might be a suitable solution for the users currently having a problem.

Powered by GitHub Issue Mirror