
MFA authentication challenge page endless loop

Open cecilia-donnelly opened this issue 2 years ago • 6 comments


Description

When a user with MFA enabled attempts to log in using FusionAuth's login page, they are caught in an endless loop of authentication challenges that never brings them to a page where they can enter their second factor code.

Affects versions

1.30.2

Steps to reproduce

Steps to reproduce the behavior:

  1. Go to the "Account" URL for an application (sourced from Application Details in the FusionAuth dashboard).
  2. Log in with username and password for a user account that has MFA turned on.
  3. See the "Authentication Challenge" page.
  4. Click "Continue."
  5. Choose the two-factor method you would like to use by selecting the radio button.
  6. Click "Continue."
  7. See that you are back on the "Authentication Challenge" page from 3, instead of the page where you can enter the second factor code. Also, the user never receives the code.
  8. NOTE that while I was testing I discovered that if I refresh the "Authentication Challenge" page and confirm that I want to resend the form then the code is sent and I can reach the page where I can enter it and log in.

Expected behavior

I expected the code to be sent and for the page where the user can enter the code to load automatically.

Screenshots

If applicable, add screenshots to help explain your problem.

Platform

We have observed this on multiple platforms.

  • Device: Desktop and iPhone
  • OS: Linux (desktop) and iOS
  • Browser + version: Firefox 105.0.3 (Linux) and Safari (on the iPhone, but I don't know the version)

Additional context

In the browser tools, I see "Uncaught ReferenceError: Prime is not defined", in case that's related.

cecilia-donnelly, Oct 12 '22 15:10

Here is a video of this happening on iPhone:

https://user-images.githubusercontent.com/1497818/195392837-a7f62749-91bb-459c-91bd-437212838b3b.mov

cecilia-donnelly, Oct 12 '22 16:10

Thanks @cecilia-donnelly. Thanks for using FusionAuth!

That is quite an old version (released a year ago: https://fusionauth.io/docs/v1/tech/release-notes#version-1-30-2 ).

Can you reproduce the issue on 1.40.2 (the latest version)?

mooreds, Oct 13 '22 02:10

Hi @mooreds. I've looked into it and as you say we're fairly far behind. It will be a project for us to catch up. What's the latest version that's still in support, so we might have an easier time of it? (I looked but couldn't find that info - apologies if it's available somewhere!)

cecilia-donnelly, Oct 20 '22 20:10

Hi @cecilia-donnelly

We don't have an official version support policy (we don't force anyone to upgrade).

However, we don't backport fixes. If you found this issue in the latest version, we'd fix the bug, but you'd have to upgrade to the release where it was fixed to get it.

Hope that helps.

mooreds, Oct 20 '22 20:10

Yes, that is helpful. Thank you!

cecilia-donnelly, Oct 20 '22 20:10

Great, thanks! Please let us know if you can recreate on 1.40.2, as we'd definitely want to fix this behavior if it is present there.

mooreds, Oct 20 '22 21:10

Perhaps a duplicate of:

  • https://github.com/FusionAuth/fusionauth-internal-issues/issues/189

robotdan, Jun 15 '23 19:06

Please re-open if this occurs again.

robotdan, Jun 15 '23 19:06