
MFA - Cannot receive SMS token if maxPasswordHistory != 0

Open · riccardoch opened this issue 10 months ago · 1 comment

New Issue Checklist

Issue Description

If maxPasswordHistory is set to a value != 0, the token request does not work as expected. It appears to be incorrectly interpreted as a password change request; as a result, no token is created.

Steps to reproduce

To reproduce the issue you have to set maxPasswordHistory in index.js to a value != 0:

maxPasswordHistory: 5

Then you need to request a token for a user with MFA enabled:

POST {{url}}/login
Content-Type: application/json
Cache-Control: no-cache
X-Parse-REST-API-Key: {{rest_api_key}}
X-Parse-Application-Id: {{application_id}}

{
    "username": "tester",
    "password": "*********",
    "authData": { 
        "mfa": { 
            "mobile": "+11111111111",
            "token": "request"
        }
    }
}

This is the response:

{
  "code": 142,
  "error": "New password should not be the same as last 5 passwords."
}

If you remove maxPasswordHistory the token is sent as expected.

Actual Outcome

The sendSMS callback is not called, and this is the current result if maxPasswordHistory is != 0:

{
  "code": 142,
  "error": "New password should not be the same as last 5 passwords."
}

Expected Outcome

The sendSMS callback returns the token, and this is the expected response to the token request:

{
  "code": 141,
  "error": "Please enter the token"
}

Environment

Node: 18.20.5

Server

  • Parse Server version: 7.4.0
  • Operating system: Ubuntu 20.04
  • Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): Digital Ocean

Database

  • System (MongoDB or Postgres): MongoDB
  • Database version: 6
  • Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): Digital Ocean

riccardoch · Jan 10 '25 11:01

Thanks for opening this issue!

  • 🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.