
Entering into Settings/Account having Two-Factor Authentication enabled, makes an unexpected POST to auth2fa-secret

Open mfacar opened this issue 1 year ago • 0 comments

Describe the bug

When a user has Two-Factor Authentication enabled, and goes into Settings/Account, a request that will always fail is sent.

To Reproduce

Steps to reproduce the behavior:

  1. Go to settings/account
  2. Enable Two-Factor Authentication in an account
  3. Go to the library
  4. Go back into settings/account having a network inspector opened
  5. The request to auth2fa-secret has a 401 response

Expected behavior

The request to auth2fa-secret should be done only when the user opens the Two-Factor Authentication by clicking on the button Enable.

Additional context

  • This is also creating a wrong Activity Log entry: CREATE - "Two-factor authentication secret"
  • The endpoint is returning a 401 response if the user already has 2fa active; there should be another response code for this case.
  • Identified through Sentry Event

mfacar, Feb 26 '24 16:02
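A sketch of the behaviour the issue asks for, added here as an example and not taken from Uwazi's code: the secret endpoint keeps 401 for missing authentication, answers an already-enrolled user with a different status, writes the activity log entry only when a secret is really created, and the account page calls the endpoint only on the Enable click. All function names, the in-memory stores and the choice of 409 are assumptions of this example.

```javascript
// Hypothetical names throughout; in-memory stand-ins replace the real stores.
function createSecretEndpoint({ users, activityLog, generateSecret }) {
  return function handle(session) {
    // 401 only when there is no authenticated session.
    const user = session && users.get(session.userId);
    if (!user) return { status: 401, body: { error: 'Unauthorized' } };

    // Already enrolled: a state conflict, not an authentication failure.
    // 409 is this example's choice; the issue only asks for "another" code.
    if (user.using2fa) {
      return { status: 409, body: { error: 'Two-factor authentication already enabled' } };
    }

    const secret = generateSecret();
    user.pendingSecret = secret;
    // Log only after a secret was actually created.
    activityLog.push({
      action: 'CREATE',
      description: 'Two-factor authentication secret',
      user: user.id,
    });
    return { status: 200, body: { secret } };
  };
}

// Client side: rendering Settings/Account sends nothing; only "Enable" does.
function createAccountPage(requestSecret) {
  return {
    open: () => 'rendered',
    clickEnable: () => requestSecret(),
  };
}

// Constructed demo data: one enrolled user, one not yet enrolled.
function demo() {
  const users = new Map([
    ['u1', { id: 'u1', using2fa: true }],
    ['u2', { id: 'u2', using2fa: false }],
  ]);
  const activityLog = [];
  const handle = createSecretEndpoint({
    users,
    activityLog,
    generateSecret: () => 'CONSTRUCTED-SECRET', // stand-in for a real TOTP secret generator
  });
  const statuses = [handle(null), handle({ userId: 'u1' }), handle({ userId: 'u2' })];
  return { statuses: statuses.map((r) => r.status), logEntries: activityLog.length };
}
```

With distinct status codes, a 401 on this endpoint in monitoring again means an authentication problem, and the activity log no longer records secret creation that never happened.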