-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent unintentional backup code regeneration #245
Conversation
This looks like it regresses the solution in #217, so I'm looking into that. |
a1579e2
to
93df040
Compare
Screen.Capture.on.2023-09-19.at.03-22-49.movThe first half of the video is testing #217 (Unable to see the first set of backup codes after enabling the 2FA). It seems that after completing the activation of 2FA, the initial set of backup codes still can't be seen. Regarding the issue with #217, it seems that the regression is not from the changes made here. It's already like this in the current production. Update I found that this commit didn't seem to handle this issue: |
🤔 I can't reproduce the problem in the video. This is what I'm doing:
When it navigates to the Backup Codes screen, it generates new codes like normal. Can you check that you don't have any backup codes saved previously? The entry on If that isn't it, can you see anything that might be going wrong?
#244 has a description of the problem and reproduction steps |
Using local storage is unreliable, because codes would be regenerated any time a user switches browsers/devices or clears browser data.
93df040
to
5d99f1c
Compare
I rebased to fix the merge conflict, but still can't reproduce the problem you saw. |
Er, nevermind, I realize now that you were asking about 93df040 rather than the overall PR. IIRC, the regression that I saw before 93df040 was that visiting the Backup Codes screen would regenerate new codes every time, rather than recognizing that they had been saved previously and displaying the Manage screen. |
Following your steps worked for me. Before, I always went through Dashboard > Users > Profile to uncheck the
I've figured out why it was initially set up that way: The original intention was for the backup codes badge in the account status to show as "enabled" only when a user checks "I have printed or saved these codes". If it's not checked, the badge would consistently display as "not enabled", reminding the user that they haven't noted down the backup codes somewhere. But I believe in many actual use cases, users might see the generated backup codes and save them, then directly hit "Back". This would leave them confused as to why the status is "not enabled". If they go into the backup codes screen again, new codes are generated. They might hit "Back" again and again... until they realize they need to check "I have printed or saved these codes" to actually enable it. So, I think the current process is better: If users note it down and then press "Back", the status shows as "enabled". Or if they don't note it down and press "Back", the status still displays as "enabled", but they can return and generate new codes. Given this, I feel the "I have printed or saved these codes" option may no longer be that necessary? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apart from a small follow-up question and an issue that might be related to an upstream repo, as mentioned in the comment, everything looks good to me. 👍
🤔 I think it's still helpful, to reinforce to the user that it's really important to write them down. Once WordPress/two-factor#507 if fixed, then we can update our client to not save the codes until the user clicks "All Finished". I created #256 to track that. |
I think they are both reflecting the same situation - when pressing 'Back' to return to the Account Screen, it would first do I guess this can be solved by not refreshing all records, but only the backup codes part. |
Thanks for catching that! I think #257 will fix it, do you mind checking it out? |
Fixes #244
This removes the local storage item, and instead uses the number of remaining backup codes to determine if the provider has already been setup. That comes from the database, so it spans browsers/devices/sessions.
I wasn't able to reproduce the bug mentioned in #221, so I don't think this will cause a regression, but I'd appreciate some more eyes to double check.
I initially ran into the bug from #217, but was able to fix that by refreshing the user when navigating to Account Status.