Email MFA codes sporadically being sent multiple times during password resets #2253
Labels
Comments
|
We should account for See This was likely introduced when we began enforcing 2FA prior to a password change. |
|
@lyleschemmerling We're on 1.45.2 now, and still able to reproduce the issue. |
|
It looks like I created a duplicate issue based on a customer report @lyleschemmerling can you confirm they are duplicates before we close this issue? |
|
Assuming this is a duplicate as mentioned. Please re-open if there is a new use case here that is not covered by existing solutions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Email MFA codes sporadically being sent multiple times during password resets
Description
Given a user registered to an application and that has email MFA enabled, when a password reset email is sent and the user clicks on the link in the email they are occasionally sent multiple MFA codes via email. The codes are distinct and only the latest is valid. This is does not always happen, sometimes one code is sent and on occasion I have seen more than two.
I have validated that this is not a result of multiple API calls or redirects from the browser, sometimes the second code takes a few seconds to be sent after the first. Nothing in the logs indicates an error.
Affects versions
Found on 1.42.1, as of yet unable to reproduce on 1.45.1
Steps to reproduce
Steps to reproduce the behavior:
Expected behavior
Only one MFA code should be sent
Platform
(Please complete the following information)
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
Additional context
Seen on a staging system, I have not been able to reproduce myself yet on the latest code.
The text was updated successfully, but these errors were encountered: