Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign in - Wrong error message is displayed for incorrect 2FA #7517

Closed
kavimuru opened this issue Feb 2, 2022 · 7 comments
Closed

Sign in - Wrong error message is displayed for incorrect 2FA #7517

kavimuru opened this issue Feb 2, 2022 · 7 comments
Assignees
@johnmlee101
Labels
Engineering Internal Requires API changes or must be handled by Expensify staff Reviewing Has a PR in review Weekly KSv2

Comments

@kavimuru
Copy link

kavimuru commented Feb 2, 2022

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

Action Performed:

  1. Launch the app
  2. Log account with 2FA
  3. Input correct email
  4. Input correct password
  5. Enter incorrect 2FA details

Expected Result:

If I enter incorrect 2FA data it should show that I am not entering 2FA correctly

Actual Result:

Wrong message displayed for incorrect 2FA numbers: Incorrect login or password. Please try again

Workaround:

Unknown

Platform:

Where is this issue occurring?

  • Web
  • iOS
  • Android
  • Desktop App
  • Mobile Web

Version Number: 1.1.34-0
Reproducible in staging?: yes
Reproducible in production?: yes
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos:
Bug5434684_02 02 2022

Expensify/Expensify Issue URL:
Issue reported by: Applause
Slack conversation:

View all open jobs on GitHub
@MelvinBot
Copy link

Triggered auto assignment to @johnmlee101 (Engineering), see https://stackoverflow.com/c/expensify/questions/4319 for more details.

@johnmlee101
Copy link
Contributor

We can either change the return code on the backend to no longer be 401 or we just make the error more ambiguous. I'll demote since its not a severe problem

@johnmlee101 johnmlee101 added Weekly KSv2 and removed Daily KSv2 labels Feb 2, 2022
@mvtglobally mvtglobally mentioned this issue Feb 2, 2022
Closed
46 tasks
@johnmlee101
Copy link
Contributor

Will work on it this week

@MelvinBot MelvinBot removed the Overdue label Feb 15, 2022
@johnmlee101
Copy link
Contributor

no update

@MelvinBot MelvinBot removed the Overdue label Feb 23, 2022
@johnmlee101
Copy link
Contributor

No update

@MelvinBot MelvinBot removed the Overdue label Mar 8, 2022
@johnmlee101
Copy link
Contributor

https://expensify.slack.com/archives/C03TQ48KC/p1647525989751729
made some progress with deciding how to approach this. This will require some backend api changes so this will have to stay internal. Gist is we need to add a flow to Authenticate to give wrong 2FA code errors instead of generic 401s

@johnmlee101
Copy link
Contributor

Gist is we'll need to add logic to Authenticate to throw a slightly different error if it was called with a 2FA code (since it assumes you already have the correct password otherwise it won't show correctly)

This will look identical to SignIn on our API

@MelvinBot MelvinBot removed the Overdue label Mar 29, 2022
@johnmlee101 johnmlee101 added the Internal Requires API changes or must be handled by Expensify staff label Mar 29, 2022
@johnmlee101 johnmlee101 mentioned this issue Apr 4, 2022
Merged
95 tasks
@johnmlee101 johnmlee101 added the Reviewing Has a PR in review label Apr 5, 2022
@melvin-bot melvin-bot bot closed this as completed Apr 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johnmlee101 johnmlee101

Labels
Engineering Internal Requires API changes or must be handled by Expensify staff Reviewing Has a PR in review Weekly KSv2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@johnmlee101 @MelvinBot @kavimuru