
Authenticator App - 2FA issue #6297


balessi75 created

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi, we found that the 2FA option for using an Authenticator App is being presented to the user when logging in even if they have not set up 2FA on their account.

We recently upgraded to 7.4.2 which includes the Authenticator feature and when a user sets it up, it works perfectly.

What we noticed, however, is that if a user never sets it up, and simply saves something in their 'My Account' area (not related to 2FA or the authenticator), the new 2FA option is now presented to the user when logging in - even though they never set it up and can't use it.

Please advise. Any workarounds are greatly appreciated.

Thanks


8 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I will check it.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I could not reproduce the problem.

    Can you share more detailed steps?

  • balessi75 created

    With a Blazor Server project using the Lepton Theme, do the following...

    1. Add a user
    2. Login as the new user
    3. Under My Account > Personal Info, verify the user's email
    4. 2FA is now an option for the user under My Account > Personal Info.
    5. While logged in as the user, enable 2FA under My Account > Two factor authentication
    6. Log out
    7. Log in, and the user has both Email and Authenticator listed in the 2FA provider dropdown, even though Authenticator app access was never set up.

    It seems that any save in the My Account > Personal Info tab unconditionally makes the Authenticator app a valid 2FA provider for the user.

    I reproduced this with a newly created 7.4.2 Blazor Server project with the Lepton Theme.

  • liangshiwei created
    Support Team Fullstack Developer

    Ok, I will check it.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I could reproduce the problem and will fix it in the next patch version.

    Temporary solution:

    // Temporary workaround: replace the default IAccountAppService with a subclass
    // that drops the Authenticator provider unless the user has actually set one up.
    [ExposeServices(typeof(IAccountAppService))]
    public class MyAccountAppService : AccountAppService
    {
        // Constructor only forwards the dependencies of the base AccountAppService.
        public MyAccountAppService(
            IdentityUserManager userManager,
            IAccountEmailer accountEmailer,
            IAccountPhoneService phoneService,
            IIdentityRoleRepository roleRepository,
            IdentitySecurityLogManager identitySecurityLogManager,
            Volo.Abp.BlobStoring.IBlobContainer<AccountProfilePictureContainer> accountProfilePictureContainer,
            ISettingManager settingManager,
            IOptions<IdentityOptions> identityOptions,
            IIdentitySecurityLogRepository securityLogRepository,
            IImageCompressor imageCompressor,
            IOptions<AbpProfilePictureOptions> profilePictureOptions,
            IApplicationInfoAccessor applicationInfoAccessor,
            IdentityUserTwoFactorChecker identityUserTwoFactorChecker)
            : base(userManager, accountEmailer, phoneService, roleRepository, identitySecurityLogManager,
                   accountProfilePictureContainer, settingManager, identityOptions, securityLogRepository,
                   imageCompressor, profilePictureOptions, applicationInfoAccessor, identityUserTwoFactorChecker)
        {
        }

        public override async Task<List<string>> GetTwoFactorProvidersAsync(GetTwoFactorProvidersInput input)
        {
            // Start from the provider list the base implementation computes.
            var providers = await base.GetTwoFactorProvidersAsync(input);

            if (providers.Any())
            {
                // Only offer the Authenticator provider when the user has a registered authenticator;
                // otherwise the login page lists a provider the user cannot complete.
                var user = await UserManager.GetByIdAsync(input.UserId);
                if (!user.HasAuthenticator())
                {
                    providers.RemoveAll(x => x == TwoFactorProviderConsts.Authenticator);
                }
            }

            return providers;
        }
    }
    
  • balessi75 created

    Thanks @liangshiwei,

    I appreciate the quick response. I'll test and let you know how things look.

  • liangshiwei created
    Support Team Fullstack Developer

    ok

  • balessi75 created

    Thanks again @liangshiwei,

    Your temporary solution works perfectly!

Updated on March 25, 2024, 15:11