This repository was archived by the owner on Mar 19, 2025. It is now read-only.

Do not send user email when setting up TOTP as 2nd factor #104

Merged
damionvega merged 5 commits into main from feature/dev-1046-bug-in-mfa-setup
Feb 26, 2024

@damionvega damionvega commented Feb 22, 2024

Normal
Closes DEV-1046

This will check for email or emailOrUsername only if TOTP is being set up as a first factor.

I also removed the password instructions on the login form i.e.

At least 16 characters OR at least 8 characters including a number and a letter.

@github-actions

Coverage Summary for `package`

Status Category Percentage Covered / Total
🔵 Lines 69.18% 3275 / 4734
🔵 Statements 69.18% 3275 / 4734
🔵 Functions 50.56% 90 / 178
🔵 Branches 54.35% 131 / 241

Comment on lines +55 to +80
src: (context: AuthContext<any>, event: AuthMachineEvent) => {
const arg: Record<string, any> = {
method: "totp",
};

if (hasValue((<TotpCodeSubmitEvent>event).totpCode)) {
arg.totpCode = (<TotpCodeSubmitEvent>event).totpCode;
}

// API only requires email/emailOrUsername when logging in via first factor
if (!context.isSecondFactor) {
if (hasValue(context.user.email)) {
arg.email = context.user.email;
} else if (hasValue(context.user.emailOrUsername)) {
arg.emailOrUsername = context.user.emailOrUsername;
}

arg.redirect = false;
}

return callUserfront({
// Should ALWAYS be Userfront.login here
method: "login",
args: [
{
method: "totp",
totpCode: (<TotpCodeSubmitEvent>event).totpCode,
email: context.user.email,
redirect: false,
},
],
}),
args: [arg],
});
},
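Review bot: `arg.redirect = false;` sits inside the `if (!context.isSecondFactor)` block, so when TOTP is the second factor the login call no longer passes `redirect: false`, although the inline args object that `args: [arg]` replaces set it unconditionally. The comment above the block only justifies gating `email`/`emailOrUsername`; if redirect suppression is still wanted in the second-factor path, move the assignment out of the block (or into the initial `arg` literal), otherwise extend the comment to say the change is intended. Separately, in the first-factor branch the call still goes out when neither `context.user.email` nor `context.user.emailOrUsername` has a value, and `totpCode` is silently omitted when the event carries none; a guard or explicit error before `callUserfront` would make those cases visible, and a typed argument in place of `Record<string, any>` would let the compiler check which fields each path sends.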
Contributor Author

The email/emailOrUsername check has been added here.

@drbrady8800 drbrady8800 left a comment

LGTM

@github-actions

Published version 1.1.0-alpha.3 to npm.

@stephencattaneo stephencattaneo deleted the feature/dev-1046-bug-in-mfa-setup branch August 20, 2024 21:17