Fix for Double Submit Action in SMS Verification #460
Comments
|
I've opened a moodle issue in the tracker with a patch which keeps the auto-submission working: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem: The auto-submit for an SMS verification code can be triggered by two actions:
Because of this, there are situations where the submit action is triggered twice, especially when the auto-submit takes a bit longer and the user is able to click on the button to submit the verification code. This causes problems because the $_SESSION is unset after submit. So when it runs for a second time, the $_SESSION factor phone variable is empty.
Solution: I have removed the auto-submit to prevent double invocation of setup_user_factor, which causes verification step failure due to session unset. So the submit action is always triggered by a click from the user.
Change in classes/local/form/verification_field.php:
`if ($PAGE->pagelayout === 'secure') {
$this->appendjs = true;
} else {
/**
* Modification:
* Autosubmit removed to prevent double invocation of setup_user_factor,
* which causes verification step failure due to session unset.
* $PAGE->requires->js_call_amd('tool_mfa/autosubmit_verification_code', 'init', []);
* Modification end.
*/
}`
The text was updated successfully, but these errors were encountered: