Comments (6)
MFA attempts are rate limitted, though you will get a clear "too many login attempts" error, not "incorrect code".
from django-allauth.
Ok, I've narrowed the issue down to when allauth/layouts/base.html is changed to extending my base.html, the code isn't read properly in the activation process. Everything else seems to work.
I've included my base.html, is there anything that you can see that would interfere with mfa? I've confirmed that the form being used is exactly the same as the default mfa activation form.
I even confirmed that my changed, styled mfa activation form isn't the issue, as I used it and replaced my base.html with the default allauth/layouts/base.html and it worked perfectly.
Base.html:
https://codefile.io/f/g72BVcHUNI
from django-allauth.
Update:
It seems like if I remove the blank favicons links near the top of the page, the authenticator app works perfectly... I'm just at a complete loss as to why
from django-allauth.
There is a feature that automatically purges the session when you navigate away from the MFA signin page. Perhaps that is somehow interfering? So, you have the MFA signin page in front of you and you then navigate to any other page, the MFA session is gone. Now, in earlier versions there was an issue where this even happened if a favicon.ico
was requested, but that has been fixed. What version are you on?
from django-allauth.
I'm on version 0.58.2
from django-allauth.
Having a blank favicon is incorrect. It causes your browser to make a regular request with a text/html response, which the middleware interprets as navigating away from the MFA page.
from django-allauth.
Related Issues (20)
- Signing up new users, facing username duplicate errors (0.61.1) HOT 10
- Regular accounts only HOT 1
- Get id_token for send to the URL logout keycloak
- Initial value for the SignUpForm
- what is `by_id()` replaced with? HOT 1
- Wrong 'da' translation of "Password Reset Email" /locale/da/LC_MESSAGES /django.po HOT 1
- Microsoft provider does not have extract_email_addresses function defined HOT 1
- TikTok provider needed HOT 5
- keep getting error retrieving access token for microsoft oauth and using 0.61.1 HOT 3
- About old version Document. HOT 1
- Password reset from key (email) issue - invalid link - solved HOT 2
- typo in `authentication_required` in headless RESTView HOT 1
- How to use my custom model instead of django user model?
- Closing -- see SOCIALACCOUNT_EMAIL_AUTHENTICATION. HOT 4
- Tests fail if `ACCOUNT_USER_MODEL_USERNAME_FIELD = None` HOT 2
- SAML username is generic HOT 4
- Temporarily disable MFA for a user HOT 4
- Doesn't support Android Credential Manager for Google login from Android HOT 4
- Does the MFA feature in django-allauth support FIDO passkeys? Or FIDO is simply handled by the chosen provider? HOT 1
- Is allauth open to including an (optional) honeypot field on registration? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-allauth.