django-trench

2FA is not working due to misconfigured is_primary flag

Open leon-chen-cambio opened this issue 2 years ago • 6 comments

Describe the bug

My project is using the app authentication method. One issue that I notice is that after setting up 2FA, the MFA methods of the user are marked as is_primary = False. As a result, the user is not asked for an authentication code during login (until I manually turn the is_primary flag on).

Any advice?

leon-chen-cambio • Sep 12 '23 14:09

A side question: what does USES_THIRD_PARTY_CLIENT configuration do? Could anybody point me to the related documentation?

Thank you so much!

leon-chen-cambio • Sep 12 '23 14:09

I am facing the same issue. It works well only on first activation.

tiln7 • Nov 09 '23 14:11

In theory, you could do a POST /mfa/change-primary-method/

{
    "method": "app",
    "code": 670659
}

However, I get a response: "Requested MFA method does not exist."

Which does not make any sense...

tiln7 • Nov 09 '23 14:11

I also get a response: "Requested MFA method does not exist." when trying to POST /mfa/change-primary-method/. It only works when is_primary is set to true; then I receive an empty response... but this makes no sense. Is there a way to set is_primary for the app method? My real problem is that when a user deactivates MFA and then activates it again, the is_primary flag is not checked, and so the user won't go through 2FA.

motage4711 • Nov 27 '23 17:11

This is fixed, but not released.

benzkji • Dec 22 '23 13:12

Ah, not really. It was #218. It just seems that there are a lot of edge cases around is_primary, enabling, disabling, custom auth, etc.

benzkji • Dec 22 '23 13:12
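An audit for the state reported in this thread (an MFA method that is active but not primary, so no code is requested at login), as an added example that is not part of the original thread or django-trench's own code. The table name `trench_mfamethod`, the `user_id`, `name` and `is_active` columns, and the sample rows are assumptions constructed for illustration; adapt them to the actual schema.

```python
import sqlite3

# Constructed sample rows: (user_id, name, is_primary, is_active).
SAMPLE_ROWS = [
    (1, "app", 1, 1),    # healthy: one active primary method
    (2, "app", 0, 1),    # state reported in the thread: active, not primary
    (3, "app", 0, 0),    # MFA deactivated, nothing to enforce
    (4, "app", 1, 1),
    (4, "email", 1, 1),  # two active primaries for one user
    (5, "app", 1, 0),    # primary flag left on a deactivated method
    (5, "email", 0, 1),
]

# Users with at least one active method whose count of active primary
# methods is not exactly one. Table and column names are assumptions.
AUDIT_SQL = """
SELECT user_id,
       SUM(is_active) AS active_methods,
       SUM(is_active AND is_primary) AS active_primaries
FROM trench_mfamethod
GROUP BY user_id
HAVING SUM(is_active) > 0 AND SUM(is_active AND is_primary) != 1
ORDER BY user_id
"""

def build_sample_db(rows=SAMPLE_ROWS):
    """Create an in-memory table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE trench_mfamethod ("
        "user_id INTEGER, name TEXT, is_primary INTEGER, is_active INTEGER)"
    )
    conn.executemany("INSERT INTO trench_mfamethod VALUES (?, ?, ?, ?)", rows)
    return conn

def audit_primary_flags(conn):
    """Map user_id -> finding code for inconsistent is_primary state."""
    findings = {}
    for user_id, _active, primaries in conn.execute(AUDIT_SQL):
        # Zero active primaries is the case where login skips the 2FA prompt.
        findings[user_id] = "NO_PRIMARY" if primaries == 0 else "MULTIPLE_PRIMARY"
    return findings

if __name__ == "__main__":
    for uid, code in audit_primary_flags(build_sample_db()).items():
        print(uid, code)
```

Running the same query on a schedule against the real table surfaces accounts that have silently lost their second factor after a deactivate/reactivate cycle.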