Continue login after mandatory 2FA registration
Concerned version
Version: 2.0.14
Platform: (Nginx/Apache/Node.js)
Current behavior
- Enable TOTP and set sfRequired to 1
- Go to some application
- Login without TOTP
- LLNG makes you register OTP
- After registering, you need to click on Go To Portal
- ☹ Then, you need to authenticate again
- ☹ Then, you need to enter OTP, again
- ☹ Finally, you end up on the app
Desired behavior
We should simplify this, by allowing all registrable 2FA types to continue the login flow after registration.
In order to do this, we need to mutualize some code between Main/SecondFactor.pm and 2F/Engine/Default.pm, especially the code that stores the current state (_2fRealSession etc.) and restores it to continue login. This also requires some changes in the way TOTP/WebAuthn/U2F registration works, which is JS-based for now, but in order to implement this change we will need to change it to be server-side. This is likely to be a breaking change, but users will probably be happier because the current UI is very confusing.