Comments (7)
redirected to the setup two factor page, the token is always coming back invalid. If a user doesn't have two factor required but sets up the two factor, the token works just fine.
I'm not really sure what you mean here. Do you mean they end up at the setup two-factor page (the page that shows the QR code), but when submitting it the token is rejected?
The code should be identical in both cases so I'm not sure why that would be happening. Is there a more specific error than "invalid"?
from django-allauth-2fa.
Yes, there are two cases:
- User has two factor required, but not set up. When they log in they are directed to set up two factor, I scan the QR code and enter the token -- I get the form validation error indicating the token is invalid
- User does not have two factor required, and also not set up. When they set up two factor, it works fine.
Yeah that was my first glance too -- that the code is identical -- the error I'm seeing is the front end form validation error thrown when the token is invalid, found in allauth_2fa/forms.py
from django-allauth-2fa.
How would I get a more detailed error? Can I uncover the underlying reason why the token is invalid?
from django-allauth-2fa.
The corresponding code is in https://github.com/percipient/django-allauth-2fa/blob/f2a2e77dcc93facd5885903acddfd23af3e53b99/allauth_2fa/forms.py#L41-L49
Does the user have multiple unconfirmed devices for some reason? Could be worth sub-classing that and poking a bit at the devices and such.
from django-allauth-2fa.
The user has 1 unconfirmed device -- just ran the query and played around with it a little bit, seems that I can't delete the one device (it's unconfirmed).
Some other issues I came across perhaps indicated that the issue had to do with throttling and some redirects (like static pages) also throwing the two factor required. I disabled throttling and can still experience the issue -- seems very odd.
from django-allauth-2fa.
I can reproduce this issue on my installation.
from django-allauth-2fa.
@roddajohn Any chance you are running sth similar to #113? In case there is a second request that also gets redirected to the setup 2fa page, it might overwrite the unconfirmed key of your first request, which would then make it impossible to activate 2fa.
from django-allauth-2fa.
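Added example, not part of the thread and not django-allauth-2fa's own code: a minimal model of the hypothesis in the last comment, where a second request to the setup page replaces the unconfirmed key so the token from the scanned QR code no longer validates. `SetupStore`, `regenerate_on_get` and `simulate` are hypothetical names, and the keys are constructed at random for the demonstration.

```python
import hashlib
import hmac
import os
import struct


def totp(key: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(key, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SetupStore:
    """Hypothetical stand-in for one user's unconfirmed TOTP device."""

    def __init__(self, regenerate_on_get: bool):
        self.regenerate_on_get = regenerate_on_get
        self.unconfirmed_key = None

    def get_setup_page(self) -> bytes:
        """Model a GET of the setup page; returns the key shown in the QR code."""
        if self.unconfirmed_key is None or self.regenerate_on_get:
            self.unconfirmed_key = os.urandom(20)  # constructed sample key
        return self.unconfirmed_key

    def post_token(self, token: str, now: int) -> bool:
        """Model the form check: compare against the key stored at POST time."""
        return hmac.compare_digest(token, totp(self.unconfirmed_key, now))


def simulate(regenerate_on_get: bool, now: int = 1_700_000_000) -> bool:
    """Return True if the token from the first QR code is accepted."""
    store = SetupStore(regenerate_on_get)
    qr_key = store.get_setup_page()  # page the user actually sees and scans
    store.get_setup_page()           # second request also redirected to setup
    return store.post_token(totp(qr_key, now), now)


if __name__ == "__main__":
    print("key regenerated on every GET:", simulate(True))
    print("unconfirmed key reused:      ", simulate(False))
```

When debugging a report like this one, comparing the key encoded in the displayed QR code with the key stored on the unconfirmed device at submit time distinguishes this cause from clock drift or throttling.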