You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Email MFA codes sporadically being sent multiple times during password resets
Description
Given a user registered to an application and that has email MFA enabled, when a password reset email is sent and the user clicks on the link in the email they are occasionally sent multiple MFA codes via email. The codes are distinct and only the latest is valid. This is does not always happen, sometimes one code is sent and on occasion I have seen more than two.
I have validated that this is not a result of multiple API calls or redirects from the browser, sometimes the second code takes a few seconds to be sent after the first. Nothing in the logs indicates an error.
Affects versions
Found on 1.42.1, as of yet unable to reproduce on 1.45.1
Steps to reproduce
Steps to reproduce the behavior:
Create a user
Register the user for an application
Set up email MFA for the user via api
In the Admin UI send the user a password reset email
Email MFA codes sporadically being sent multiple times during password resets
Description
Given a user registered to an application and that has email MFA enabled, when a password reset email is sent and the user clicks on the link in the email they are occasionally sent multiple MFA codes via email. The codes are distinct and only the latest is valid. This is does not always happen, sometimes one code is sent and on occasion I have seen more than two.
I have validated that this is not a result of multiple API calls or redirects from the browser, sometimes the second code takes a few seconds to be sent after the first. Nothing in the logs indicates an error.
Affects versions
Found on 1.42.1, as of yet unable to reproduce on 1.45.1
Steps to reproduce
Steps to reproduce the behavior:
Expected behavior
Only one MFA code should be sent
Platform
(Please complete the following information)
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
Additional context
Seen on a staging system, I have not been able to reproduce myself yet on the latest code.
The text was updated successfully, but these errors were encountered: