fix(core): Make sure mfa secret and recovery codes are not returned on login #7936
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RicardoE105
changed the title
RicardoE105
changed the title
n8n-assistant
bot
added
core
Passing run #3203 ↗︎
Details:
Review all test suite changes for PR #7936 ↗︎ |
|||||||||||||||
|
✅ All Cypress E2E specs passed |
ivov
changed the title
Merged
ivov
added a commit
that referenced
this pull request
Dec 6, 2023
# [1.20.0](https://github.com/n8n-io/n8n/compare/n8n@1.19.0...n8n@1.20.0) (2023-12-06) ### Bug Fixes * **AWS DynamoDB Node:** Improve error message parsing ([#7793](#7793)) ([5ba5ed8](5ba5ed8)) * **core:** Allow grace period for binary data deletion after manual execution ([#7889](#7889)) ([61d8aeb](61d8aeb)) * **core:** Consolidate ownership and sharing data on workflows and credentials ([#7920](#7920)) ([38b88b9](38b88b9)) * **core:** Fix hard deletes stopping if database query throws ([#7848](#7848)) ([46dd4d3](46dd4d3)) * **core:** Make sure mfa secret and recovery codes are not returned on login ([#7936](#7936)) ([f5502cc](f5502cc)) * **editor:** Fix deletion of last execution at execution preview ([#7883](#7883)) ([ce2d388](ce2d388)) * **editor:** Replace isInstanceOwner checks with scopes where applicable ([#7858](#7858)) ([132d691](132d691)) * **Google Sheets Node:** Fix issue with paired items not being set correctly ([#7862](#7862)) ([5207a2f](5207a2f)) * **Notion Node:** Fix broken Notion node parameters ([#7864](#7864)) ([51d1f5b](51d1f5b)), closes [#7791](#7791) ### Features * **BambooHR Node:** Add support for Only Current on company reports ([#7878](#7878)) ([4175801](4175801)) * **core:** Allow admin creation ([#7837](#7837)) ([476806e](476806e)) * **editor:** Add sections to create node panel ([#7831](#7831)) ([39fa8d2](39fa8d2)) * **editor:** Open template credential setup from collection ([#7882](#7882)) ([627ddb9](627ddb9)) * **editor:** Select credentials in template setup if theres only one ([#7879](#7879)) ([fe3417a](fe3417a)) ### Performance Improvements * **editor:** Improve node rendering performance when opening large workflows ([#7904](#7904)) ([a8049a0](a8049a0)) * **editor:** Improve performance when opening large workflows with node issues ([#7901](#7901)) ([4bd7ae2](4bd7ae2)) Co-authored-by: ivov <ivov@users.noreply.github.com>
cstuncsik
pushed a commit
that referenced
this pull request
Dec 6, 2023
…n login (#7936) ## Summary What: Fix issue of login endpoint returning secret and recovery codes when MFA is enabled. Bug was introduced in this [PR](#6994), specifically in this [line](https://github.com/n8n-io/n8n/pull/6994/files#diff-95a87cb029a3d26e6722df2e68132453fc254fc1f4540cbdaa95cfdbda1893deL91). Why: We should not be filtering the secret and recovery codes Same PR caused the issues on ticket -> https://linear.app/n8n/issue/ADO-1494/on-user-list-copy-password-reset-link-and-copy-invite-link-are-broken ## Review / Merge checklist - [x] PR title and summary are descriptive. **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [x] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [x] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > *(internal)* You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e).
|
Got released with |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
What: Fix issue of login endpoint returning secret and recovery codes when MFA is enabled. Bug was introduced in this PR, specifically in this line.
Why: We should not be filtering the secret and recovery codes
Same PR caused the issues on ticket -> https://linear.app/n8n/issue/ADO-1494/on-user-list-copy-password-reset-link-and-copy-invite-link-are-broken
Review / Merge checklist
(no-changelog)otherwise. (conventions)