2FA registration does not auto-redirect to only available provider after deleting an existing 2FA
Concerned version
Version: 2.0.14
Summary
- Enable TOTP
- Go to 2FA manager (
/2fregisters
) - you are redirected to TOTP registration (
/2fregisters/totp
) - Register, then delete your TOTP
- Go to 2FA manager (again)
- you are not automatically redirected to TOTP registration (bad)
Logs
return [ 302, [ Location => $self->conf->{portal} . $am[0]->{URL} ], [] ]
if (
@am == 1
and not( $req->userData->{_2fDevices}
or $req->data->{sfRegRequired} )
);
does not handle $req->userData->{_2fDevices} == []
correctly