[4.0] Redirect to com_admin when forcing TFA

[SharkyKZ]

Fixes #30147.

Summary of Changes

Redirect to com_admin instead of com_users when forced TFA is enabled in backend.

Testing Instructions

Enable some Two Factor Authentication plugins.
Enable "Enforce Two Factor Authentication" for Backend
Create a new user with Access Level "Manager"
Login to backend with new user, setup two factor authentication

Actual result BEFORE applying this Pull Request

Message: "You don't have permission to access this. Please contact a website administrator if this is incorrect."

Expected result AFTER applying this Pull Request

Get redirected to user profile page where TFA can be set up properly.

Documentation Changes Required

No.

[Harmageddon]

Just a short note for the testing instructions: Might be worth to mention there that one needs to enable one of the TFA plugins in order to run into this situation. ;-)

[ChristineWk]

Manager Level, before Patch, I got:
Notice
You were redirected because you are required to set up Two Factor Authentication to continue.
An error has occurred.
403 You don't have permission to access this. Please contact a website administrator if this is incorrect.

With Patch:

Then I can't close/leave the session. Had to clear Browser Cache to be able to start again with /administrator entry.

[SharkyKZ]

@Harmageddon Thanks, test instructions updated.

@le-jou @ChristineWk please test again.

[le-jou]

I have tested this item ✅ successfully on ba7c763

Works now, but finishes with warning "Warning
COM_USERS_USERS_ERROR_CANNOT_EDIT_OWN_GROUP"

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30152.}

[SharkyKZ]

That's not intended.

[ChristineWk]

I have tested this item ✅ successfully on ba7c763

With Patch (Manager):
Notice
You were redirected because you are required to set up Two Factor Authentication to continue.
FYI: But I couldn't set up TFA (no experience with this)
@Harmageddon Thks for your assistance to be able to test this PR.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30152.}

[SharkyKZ]

PR updated. Please test again.

[le-jou]

I have tested this item ✅ successfully on 30103dd

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30152.}

[Harmageddon]

This PR does solve the bug. But I'm not sure whether it is the best solution. Is there any particular reason why the save method of ProfileModel has to be independent of its parent? This implementation leads to much duplicated code and I can see issues similar to this one here arising when someone changes UserModel::save without remembering that the same changes have to be included in ProfileModel.

In my tests, reducing the ProfileModel::save method to the following seemed to work:

	public function save($data)
	{
		$user = Factory::getUser();
		$pk   = $user->id;
		$data['id'] = $pk;
		$data['block'] = $user->block;
		return parent::save($data);
	}

Or am I missing something? What do you think about it?

[toivo]

I have tested this item ✅ successfully on 30103dd

Tested successfully in Beta3-dev of 25 July.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30152.}

[SharkyKZ]

@Harmageddon I tried not to touch existing logic. With your code I get this when using super user account:

Save failed with the following error: You can't save a user account without selecting at least one user group.

[Harmageddon]

@SharkyKZ Oh, I see. Okay, best then to proceed merging this PR here as-is, to fix the described bug.

I'm going to write a new PR for the reduction of duplicated code, so we can test it more in detail there.

[Harmageddon]

I have tested this item ✅ successfully on 30103dd

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30152.}

[Quy]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30152.}

[wilsonge]

Thanks!