jazzband
Enabling 2FA first time for user does not work if TOTP device name is not 'default'
Hello everyone, I am not sure if this has been fixed on a later version but I haven t found anything about it so I thought to post my issue. The bug occurs when for the first time you assign a TOTP device to a user. If the name of the device is not 'default' the user does not get flagged as 2FA enabled and hence the 2FA is not enabled. If instead you change the name of the TOTP device to 'default' or you create a new TOTP device named 'default' then the 2FA gets enabled for the user.
Expected Behavior
Login without 2FA. Create a TOTP device with any name I want. Logout. Login, 2FA required.
Current Behavior
- Login without 2FA. Create a TOTP device with any name I want. Logout. Login, 2FA is not requried.
- Login without 2FA. Create a TOTP device with 'default' name. Logout. Login, 2FA is required.
Steps to Reproduce (for bugs)
- Login with user that has no 2FA enabled and no TOTP Devices assigned
- Create TOTP Device with name different from 'default'
- Logout
- Login again
Context
I would like to be able to name TOTP devices to know where they are used (i.e. authenticator, 1password, ...)
Your Environment
- Browser and version: tested on many always happens
- Python version:
- Django version: 3.1.14
- django-otp version: 1.1.6
- django-two-factor-auth version: 1.14.0
If this has been fixed in latest releases would be cool if someone could let me know. Thanks everybody
EDIT: I used django-two-factor-auth also on projects with Django version 4.2.X and there I have the same issue so it looks like it was not fixed.
I had the same issue. Could not get the package working until I stumbled upon this issue. Naming the first device "default" does the trick.
