Skip to content

Commit

Permalink
Force logout rather than 2FA is Duo session expires independent from 2FA
Browse files Browse the repository at this point in the history
  • Loading branch information
@mbish
mbish committed Nov 8, 2023
1 parent bcd2873 commit a867082
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions class-duouniversal-wordpressplugin.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -272,9 +272,9 @@ function duo_verify_auth() {
$user = \wp_get_current_user();
$this->duo_debug_log( "Verifying auth state for user: $user->user_login" );
if ( $this->duo_utils->duo_role_require_mfa( $user ) && ! $this->duo_verify_auth_status( $user->user_login ) ) {
$this->duo_debug_log( "User not authenticated with Duo. Starting second factor for: $user->user_login" );
// user is already logged in no need to handle primary auth
$this->duo_start_second_factor( $user );
\wp_logout();
wp_redirect( wp_login_url() );
exit();
}
$this->duo_debug_log( "User $user->user_login allowed" );
}
Expand Down

0 comments on commit a867082

Please sign in to comment.