Skip to content

Conversation

@zero-24
Copy link
Contributor

@zero-24 zero-24 commented Oct 7, 2025

Summary of Changes

Always allow the captive page and captive.validate task even with PW reset requested. I'm not 100% sure whether its a good way to put the code here but on the first look it looks ok and fixes the issue.

Testing Instructions

  • Install 5.4.0rc2
  • create secondary user within the "administrator" group
  • force the user to reset his PW and set an inital PW
  • force the administrator group to setup mfa (Users -> Manage -> Options -> Multi-factor Authentication)
  • login with that secondary user
  • setup mfa
  • try to do the next step

Actual result BEFORE applying this Pull Request

endless loop as joomla wants you to fill the captive page and reset your PW at the same time

Expected result AFTER applying this Pull Request

first joomla will allow you to fill the mfa captcha after that it will force you to reset your PW.

Link to documentations

Please select:

  • Documentation link for docs.joomla.org:

  • No documentation changes for docs.joomla.org needed

  • Pull Request link for manual.joomla.org:

  • No documentation changes for manual.joomla.org needed

@richard67 richard67 added the bug label Oct 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants