Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It's not possible to enter a MFA recovery token #4072

Closed
sergei-maertens opened this issue Mar 27, 2024 · 4 comments · Fixed by #4138
Closed

It's not possible to enter a MFA recovery token #4072

sergei-maertens opened this issue Mar 27, 2024 · 4 comments · Fixed by #4138
Assignees
@sergei-maertens
Labels
bug Something isn't working needs-backport Fix must be backported to stable release branch owner: haarlemmermeer
Milestone
Release 2.6.3

Comments

@sergei-maertens
Copy link
Member

sergei-maertens commented Mar 27, 2024
edited

Product versie / Product version

2.6.0

Omschrijf het probleem / Describe the bug

Taiga HLMM 105

When going through the login flow, you are prompted to enter your token/second factor. At the bottom of the 'dialog', there's a link to use a recovery token. Clicking that link doesn't allow you to enter a recovery token, instead it redirects you back to the username/password login screen.

Stappen om te reproduceren / Steps to reproduce

  1. Ensure you have generated backup tokens for your account
  2. Go to the /admin/
  3. Log in with username + password
  4. Instead of entering a token, click the "Use a recovery token" link
  5. Observe that you need to authenticate again instead of being able to enter a token

Verwacht gedrag / Expected behavior

Go to screen to enter a recovery token instead of logging in again.

Screen resolution

None

Device

None

OS

None

Browser

No response
@sergei-maertens sergei-maertens added bug Something isn't working triage Issue needs to be validated. Remove this label if the issue considered valid. labels Mar 27, 2024
@sergei-maertens sergei-maertens added this to the Release 2.6.1 milestone Mar 27, 2024
@sergei-maertens sergei-maertens added the needs-backport Fix must be backported to stable release branch label Mar 27, 2024
@Viicos
Copy link
Contributor

Viicos commented Apr 4, 2024

Hum, I can't see the "Use a recovery token" link on our test env?

@sergei-maertens
Copy link
Member Author

sergei-maertens commented Apr 4, 2024
edited

You need to enter username + password first, and then you get the screen prompting for your token/second factor. That page has a recovery token link, at least for me with my YubiKey.

image

@sergei-maertens
Copy link
Member Author

Reproduced with Joeri - you need to make sure you have generated backup tokens first!

@Viicos
Copy link
Contributor

Viicos commented Apr 4, 2024

Makes sense 🤦

@joeribekker joeribekker removed the triage Issue needs to be validated. Remove this label if the issue considered valid. label Apr 8, 2024
sergei-maertens added a commit that referenced this issue Apr 9, 2024
@sergei-maertens
🧪 [#4072] Add regression test for broken recovery token flow
4cacfe8
sergei-maertens added a commit that referenced this issue Apr 9, 2024
@sergei-maertens
🐛 [#4072] Fix recovery token flow redirecting back to login screen
f45b217 
The form wizard storage needs to be shared between the recovery flow
and login flow to get access to the same authenticated user, and the
automatic prefix derivation based on the view class name broke when
we subclassed to add classic and OIDC login mechanisms at the same
time.
@sergei-maertens sergei-maertens mentioned this issue Apr 9, 2024
Merged
sergei-maertens added a commit that referenced this issue Apr 9, 2024
@sergei-maertens
🐛 [#4072] Fix recovery token flow redirecting back to login screen
740e320 
The form wizard storage needs to be shared between the recovery flow
and login flow to get access to the same authenticated user, and the
automatic prefix derivation based on the view class name broke when
we subclassed to add classic and OIDC login mechanisms at the same
time.

Backport-of: #4138
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sergei-maertens sergei-maertens

Labels
bug Something isn't working needs-backport Fix must be backported to stable release branch owner: haarlemmermeer
Projects
Development
Archived in project
Milestone
Release 2.6.3
Development

Successfully merging a pull request may close this issue.

Fix MFA recovery token flow open-formulieren/open-forms
3 participants
@joeribekker @sergei-maertens @Viicos