techataffinity
Forum Replies Created
The specific issue appears to be that if you’re logging into the admin of a “secondary” domain, once you enter your MFA code you get redirected to the main network panel.
- Which user roles are affected? — all
- Where is the login being triggered? — after the core WP login page, directly after you’ve entered your MFA code.
- When exactly does the redirect issue occur? — as above.
I’ve set up a test with only 2FA and WooCommerce, running the Twenty Twenty Five theme. I’ve tested this locally, but I can’t upload the video I’ve taken.
Anyway, I have two URLs:
- https://www.2fa-test.test/ — this is the main site, and the URL for the network admin
- https://www.2fa-second-site.test/ — this is the second site.
Problem flow:
- https://www.2fa-second-site.test/wp/wp-admin
- Enter username/password — this is fine and loads the 2FA code screen
- Enter 2FA code
- Get redirected to https://www.2fa-test.test/wp/wp-admin/network/
The expected outcome of this would be to get redirected to https://www.2fa-second-site.test/wp/wp-admin
If I remove the lines 576-578 in `web/app/plugins/wp-2fa/includes/classes/Authenticator/class-login.php` it works perfectly.
This is a “clean” site and database, so I can confirm that there’s an issue here.
We have been having the same issue — I can pin it down to the following code:
web/app/plugins/wp-2fa/includes/classes/Authenticator/class-login.php — lines 574-580
```php
$redirect_to = isset( $_REQUEST['redirect_to'] ) ? \esc_url_raw( wp_unslash( $_REQUEST['redirect_to'] ) ) : network_admin_url();
if ( self::is_woocommerce_activated()) {
    $redirect_to = isset( $_REQUEST['redirect'] ) ? \esc_url_raw( wp_unslash( $_REQUEST['redirect'] ) ) : network_admin_url();
}
self::login_html( $user, $login_nonce['key'], $redirect_to );
```
The `redirect_to` value is set, but we also use WooCommerce, so the next lines are overwriting this as `redirect` isn’t set.
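
The overwrite described in the post above, modelled in plain PHP as an added example that is not part of the forum posts or the plugin's own code. The function names, the stand-in constants for the WordPress URL helpers, and the fallback order in `redirect_with_fallthrough` are assumptions; the URLs are the test URLs from the first report.

```php
<?php
// Constructed model of the redirect selection quoted above. WordPress helpers
// are replaced by constants and parameters so this runs without WordPress.
const NETWORK_ADMIN = 'https://www.2fa-test.test/wp/wp-admin/network/';
const SITE_ADMIN    = 'https://www.2fa-second-site.test/wp/wp-admin/';

// Same order of operations as the quoted lines: with WooCommerce active, the
// value read from `redirect_to` is discarded and only `redirect` is consulted.
function redirect_as_quoted(array $request, bool $woocommerce): string
{
    $redirect_to = $request['redirect_to'] ?? NETWORK_ADMIN;
    if ($woocommerce) {
        $redirect_to = $request['redirect'] ?? NETWORK_ADMIN;
    }
    return $redirect_to;
}

// Hypothetical alternative (an assumption, not a fix published by the plugin):
// consult `redirect` first when WooCommerce is active, fall through to
// `redirect_to`, and default to the admin of the site being logged into.
function redirect_with_fallthrough(array $request, bool $woocommerce, string $site_admin): string
{
    $candidates = [];
    if ($woocommerce) {
        $candidates[] = $request['redirect'] ?? '';
    }
    $candidates[] = $request['redirect_to'] ?? '';
    foreach ($candidates as $candidate) {
        if (is_string($candidate) && $candidate !== '') {
            return $candidate;
        }
    }
    return $site_admin;
}

// Constructed request: the core WP login form posts `redirect_to` only.
$request = ['redirect_to' => SITE_ADMIN];

printf("as quoted, WooCommerce off: %s\n", redirect_as_quoted($request, false));
printf("as quoted, WooCommerce on:  %s\n", redirect_as_quoted($request, true));
printf("fallthrough, WooCommerce on: %s\n", redirect_with_fallthrough($request, true, SITE_ADMIN));
printf("fallthrough, no parameters:  %s\n", redirect_with_fallthrough([], true, SITE_ADMIN));
```

Only the second call returns the network admin URL, which matches the reported redirect. The model leaves out the `esc_url_raw()` sanitisation that the quoted lines apply to both parameters.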