- Set auth.require-approval to true
- Register an account
- Wait Patiently
Description
Description
Related Objects
Related Objects
- Mentioned In
- T12657: Add Authentication Factor fails silently for users without a verified email address
- Mentioned Here
- T13024: Fix various session initialization order issues
T12570: Installs without `gd` are unable to reach the setup warning telling them to install `gd`
T8918: Header shows number of notifications and various other controls on the 2FA auth screen
Event Timeline
Comment Actions
T8918 is related.
Only "Logout" will actually work and the other links should be disabled for MFA/approval users with a "partial" session.
Reproducing this probably also requires that security.alternate-file-domain not be configured.
The immediate issue here is probably that PhabricatorFileDataController needs to implement shouldAllowPartialSessions().
Comment Actions
Stealing this since I think it's session/auth related, not profile picture related: I think the user has a legitimate picture, they just aren't allowed to download it since they have a partial session.
Comment Actions
For my own reference, T12570 isn't exactly related but can probably be tested/fixed at the same time.