Bug #22072
closedEntering OTP on site profile redirects me to https://commons.gc.cuny.edu
0%
Description
On https://khatchad.commons.gc.cuny.edu/wp-admin/profile.php, there are "Two-Factor Options." However, to change these, you need to enter an OTP. There's a button there to do that. Once I click that, I enter the OTP on the OTP page (the URL of that page is https://commons.gc.cuny.edu/wp-login.php?action=revalidate_2fa&redirect_to=https%3A%2F%2Fcommons.gc.cuny.edu%2Fwp-admin%2Fuser%2Fprofile.php%23two-factor-options). I would then expect to go back to https://khatchad.commons.gc.cuny.edu/wp-admin/profile.php so that I can change the options I was going to change in the first place, but instead, I am redirected to https://commons.gc.cuny.edu.
Updated by Raffi Khatchadourian 4 days ago
Seems related to https://redmine.gc.cuny.edu/issues/22063.
Updated by Raymond Hoh 3 days ago
- Status changed from New to Testing Required
Hi Raffi,
We have some code to redirect sub-site login requests to the main site. This appears to be conflicting with the 2FA plugin. I've just omitted the 'revalidate_2fa' action from the redirection. (Boone, for your reference, see https://github.com/cuny-academic-commons/cac/blob/b0e573e0d59e747f3549269aad74f0ea8f68b168/wp-content/mu-plugins/wp-ms-login.php#L110 . I've made the change on production, but haven't committed the change yet.)
Raffi, can you try your 2FA revalidation workflow again when you have the chance to see if this is fixed?
Updated by Raffi Khatchadourian 3 days ago
It works. I am redirected to: https://khatchad.commons.gc.cuny.edu/wp-admin/profile.php#two-factor-options. Thanks!
Updated by Raymond Hoh 3 days ago
- Status changed from Testing Required to Resolved
- Assignee set to Raymond Hoh
- Target version set to 2.5.3
Thanks for reporting the bug and for testing the 2FA feature, Raffi!
Committed the change in https://github.com/cuny-academic-commons/cac/commit/9ae856659106cc29160497fd2f70e6637af107e6 and pushed to production.