[5.2] Cannot use passkey when user activation is set.

[peter1szalatnay]

Steps to reproduce the issue

1. Login and create a passkey.
2. Logout and request 'forget your password'.
3. User now remembers their password and logins in to the site.
4. Logout again.
5. Try to use passkey.

Expected result

User should be able to login with passkey.

Actual result

User get an error access denied.

System information (as much as possible)

Joomla! Version | Joomla! 5.2.2 Stable [ Uthabiti ] 26-November-2024 16:00 GMT

Additional comments

Maybe we should clear the activation flag in the user table if the user successfully logins,

[richard67]

Could you check if this is fixed by #44519 ?

[peter1szalatnay]

Could you check if this is fixed by #44519 ?

It didn't as that requires the user to be saved, and the user will not know why the login is failing.

We have two flags in the users db, activation and requireReset, If the user is clicking forgot password the activation flag is set. So there should be a check on the login. If successful and activation exists but not requireReset, remove the activation flag as the self reset is not required anymore.

joomla-cms/plugins/system/webauthn/src/PluginTraits/AjaxHandlerLogin.php

Line 155 in 33c9c7c

throw new \RuntimeException(Text::_('JGLOBAL_AUTH_ACCESS_DENIED'));

Even the error message could be changed to password reset in progress access is denied.