fix(core): Make sure mfa secret and recovery codes are not returned on login #7936
Merged
RicardoE105
changed the title
fix: Make sure mfa secret and recovery codes are not returned on login
fix(core): Make sure mfa secret and recovery codes are not returned on login
Dec 5, 2023
RicardoE105
changed the title
fix(core): Make sure mfa secret and recovery codes are not returned on login
fix(core): Make sure mfa secret and recovery codes are not returned on login (no-changelog)
Dec 5, 2023
n8n-assistant
bot
added
core
Enhancement outside /nodes-base and /editor-ui
n8n team
Authored by the n8n team
labels
Dec 5, 2023
ivov
approved these changes
Dec 6, 2023
Thanks for catching this!
Passing run #3203
Details:
Review all test suite changes for PR #7936
✅ All Cypress E2E specs passed
ivov
changed the title
fix(core): Make sure mfa secret and recovery codes are not returned on login (no-changelog)
fix(core): Make sure mfa secret and recovery codes are not returned on login
Dec 6, 2023
Merged
ivov
added a commit
that referenced
this pull request
Dec 6, 2023
# [1.20.0](https://github.com/n8n-io/n8n/compare/n8n@1.19.0...n8n@1.20.0) (2023-12-06)

### Bug Fixes

* **AWS DynamoDB Node:** Improve error message parsing ([#7793](#7793)) ([5ba5ed8](5ba5ed8))
* **core:** Allow grace period for binary data deletion after manual execution ([#7889](#7889)) ([61d8aeb](61d8aeb))
* **core:** Consolidate ownership and sharing data on workflows and credentials ([#7920](#7920)) ([38b88b9](38b88b9))
* **core:** Fix hard deletes stopping if database query throws ([#7848](#7848)) ([46dd4d3](46dd4d3))
* **core:** Make sure mfa secret and recovery codes are not returned on login ([#7936](#7936)) ([f5502cc](f5502cc))
* **editor:** Fix deletion of last execution at execution preview ([#7883](#7883)) ([ce2d388](ce2d388))
* **editor:** Replace isInstanceOwner checks with scopes where applicable ([#7858](#7858)) ([132d691](132d691))
* **Google Sheets Node:** Fix issue with paired items not being set correctly ([#7862](#7862)) ([5207a2f](5207a2f))
* **Notion Node:** Fix broken Notion node parameters ([#7864](#7864)) ([51d1f5b](51d1f5b)), closes [#7791](#7791)

### Features

* **BambooHR Node:** Add support for Only Current on company reports ([#7878](#7878)) ([4175801](4175801))
* **core:** Allow admin creation ([#7837](#7837)) ([476806e](476806e))
* **editor:** Add sections to create node panel ([#7831](#7831)) ([39fa8d2](39fa8d2))
* **editor:** Open template credential setup from collection ([#7882](#7882)) ([627ddb9](627ddb9))
* **editor:** Select credentials in template setup if theres only one ([#7879](#7879)) ([fe3417a](fe3417a))

### Performance Improvements

* **editor:** Improve node rendering performance when opening large workflows ([#7904](#7904)) ([a8049a0](a8049a0))
* **editor:** Improve performance when opening large workflows with node issues ([#7901](#7901)) ([4bd7ae2](4bd7ae2))

Co-authored-by: ivov <ivov@users.noreply.github.com>
cstuncsik
pushed a commit
that referenced
this pull request
Dec 6, 2023
…n login (#7936)

## Summary

What: Fix issue of login endpoint returning secret and recovery codes when MFA is enabled. Bug was introduced in this [PR](#6994), specifically in this [line](https://github.com/n8n-io/n8n/pull/6994/files#diff-95a87cb029a3d26e6722df2e68132453fc254fc1f4540cbdaa95cfdbda1893deL91).

Why: We should not be filtering the secret and recovery codes

Same PR caused the issues on ticket -> https://linear.app/n8n/issue/ADO-1494/on-user-list-copy-password-reset-link-and-copy-invite-link-are-broken

## Review / Merge checklist

- [x] PR title and summary are descriptive. **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md))
- [x] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created.
- [x] Tests included.
  > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests.
  >
  > *(internal)* You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e).
Got released with |
Closed
Summary
What: Fix issue of login endpoint returning secret and recovery codes when MFA is enabled. Bug was introduced in this PR, specifically in this line.
Why: We should not be filtering the secret and recovery codes
Same PR caused the issues on ticket -> https://linear.app/n8n/issue/ADO-1494/on-user-list-copy-password-reset-link-and-copy-invite-link-are-broken
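A regression check for the class of leak this PR fixes (a login response carrying the MFA secret and recovery codes), as an added example that is not code from the PR or from n8n. Every name here is hypothetical, including the field names `mfaSecret` and `mfaRecoveryCodes`, which stand in for the "secret and recovery codes" named in the summary; the sample user is constructed.

```typescript
// Added example, not n8n code. All names here are hypothetical.
interface StoredUser {
  id: string;
  email: string;
  password: string; // password hash
  mfaEnabled: boolean;
  mfaSecret: string | null; // assumed name for the MFA secret
  mfaRecoveryCodes: string[]; // assumed name for the recovery codes
}

// Allowlist: a field added to StoredUser later stays private by default.
const PUBLIC_FIELDS = ['id', 'email', 'mfaEnabled'] as const;
type PublicUser = Pick<StoredUser, (typeof PUBLIC_FIELDS)[number]>;

function toPublicUser(user: StoredUser): PublicUser {
  const out: Record<string, unknown> = {};
  for (const key of PUBLIC_FIELDS) out[key] = user[key];
  return out as unknown as PublicUser;
}

const SENSITIVE_KEY = /^(password|mfaSecret|mfaRecoveryCodes)$/i;

// Walk a JSON-like response body and return the path of every sensitive key,
// at any nesting depth, so a test can assert that the list is empty.
function findSensitiveKeys(body: unknown, path: string = '$'): string[] {
  const hits: string[] = [];
  if (body === null || typeof body !== 'object') return hits;
  const record = body as Record<string, unknown>;
  for (const key of Object.keys(record)) {
    const isIndex = Array.isArray(body);
    const childPath = isIndex ? `${path}[${key}]` : `${path}.${key}`;
    if (!isIndex && SENSITIVE_KEY.test(key)) hits.push(childPath);
    hits.push(...findSensitiveKeys(record[key], childPath));
  }
  return hits;
}

// Constructed sample data.
const sampleUser: StoredUser = {
  id: 'u-1',
  email: 'user@example.test',
  password: '<hash placeholder>',
  mfaEnabled: true,
  mfaSecret: '<constructed secret>',
  mfaRecoveryCodes: ['<code-1>', '<code-2>'],
};
const leakyLoginBody = { data: { ...sampleUser } }; // whole record serialised
const safeLoginBody = { data: toPublicUser(sampleUser) };
```

Running `findSensitiveKeys` over the parsed body of every auth-related response in an integration test catches this kind of regression even when the leaking field is nested inside another object.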