MFA

Open MrFlashAccount opened this issue 1 year ago • 3 comments
Pull Request Description

This PR is based on #10844 and #10775, so merge/review them in order.

TL;DR: This PR adds 2FA support for the login flow.

Closes: enso-org/cloud-v2#1428

Demo:

https://github.com/user-attachments/assets/9eaf66c9-ac28-4b5b-a066-a4d8573d4eaf

Important Notes

Checklist

Please ensure that the following checklist has been satisfied before submitting the PR:

  • [ ] The documentation has been updated, if necessary.
  • [ ] Screenshots/screencasts have been attached, if there are any visual changes. For interactive or animated visual changes, a screencast is preferred.
  • [ ] All code follows the Scala, Java, TypeScript, and Rust style guides. In case you are using a language not listed above, follow the Rust style guide.
  • [ ] Unit tests have been written where possible.

MrFlashAccount avatar Aug 22 '24 18:08 MrFlashAccount

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Aug 23 '24 12:08 CLAassistant

That looks really great!

  1. When I am asked for the code and provide the wrong one, I am redirected to the login screen. Can we stay on the "provide code" screen but display a "Code mismatch" error?
  2. How can we provide a recovery path for this (preferably in a separate branch / issue)?

PabloBuchu avatar Aug 28 '24 11:08 PabloBuchu

> When I am asked for the code and provide the wrong one, I am redirected to the login screen. Can we stay on the "provide code" screen but display a "Code mismatch" error?

We redirect back to the login screen only if Cognito responds with LoginTimeout or when a user has made too many attempts to enter a code.

> How can we provide a recovery path for this (preferably in a separate branch / issue)?

You mean to provide a way to disable TOTP or use recovery codes? AFAIC Cognito doesn't provide that out of the box, but we can provide alternative ways to get access to the account: using SMS 2FA or by requesting support.

MrFlashAccount avatar Aug 28 '24 12:08 MrFlashAccount

> When I am asked for the code and provide the wrong one, I am redirected to the login screen. Can we stay on the "provide code" screen but display a "Code mismatch" error?

Can't repro, can you provide more details on how to reproduce that?

MrFlashAccount avatar Sep 02 '24 08:09 MrFlashAccount

@MrFlashAccount all is good. Let's try to clean up and merge your PRs ✅

PabloBuchu avatar Sep 04 '24 09:09 PabloBuchu

Unfortunately it stopped working. When I want to sign in I am getting

Screenshot 2024-09-10 at 14 49 55

PabloBuchu avatar Sep 10 '24 12:09 PabloBuchu

So I guess we still want to support OSS builds, so I guess we will still need to support cloud endpoints being missing (null), both in the codebase and in the environment variable type definitions.

somebody1234 avatar Sep 13 '24 09:09 somebody1234

> So I guess we still want to support OSS builds, so I guess we will still need to support cloud endpoints being missing (null), both in the codebase and in the environment variable type definitions.

We cut this functionality a while ago when we made signing up a required step. I agree it's a clash and we must discuss it with James. But, in general, giving prod env variables to the users so they can build the app themselves might be the solution.

MrFlashAccount avatar Sep 13 '24 09:09 MrFlashAccount