ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme
Hi, We found that the 2FA option for using an Authenticator App is being presented to the user when logging in even if they have not set up 2FA on their account.
We recently upgraded to 7.4.2 which includes the Authenticator feature and when a user sets it up, it works perfectly.
What we noticed, however, is that if a user never sets it up, and simply saves something in their 'My Account' area (not related to 2FA or the authenticator), the new 2FA option is now presented to the user when logging in - even though they never set it up and can't use it.
Please advise. Any workarounds are greatly appreciated.
Thanks
8 Answer(s)
-
0
Hi,
I will check it.
-
0
Hi,
I could not reproduce the problem.
Can you share more detailed steps?
-
0
With a Blazor Server project using the Lepton Theme, do the following...
- Add a user
- Login as the new user
- Under My Account > Personal Info, verify the user's email
- 2FA is now an option for the user under My Account > Personal Info.
- While logged in as the user, enable 2FA under My Account > Two factor authentication
- Log out
- Login and the user has both Email and Authenticator listed in the 2FA provider dropdown, even though Authenticator app access was never set up.
It seems that any save in the My Account > Personal Info tab unconditionally makes the Authenticator app a valid 2FA provider for the user.
I reproduced this with a newly created 7.4.2 Blazor Server project with the Lepton Theme.
-
0
Ok, I will check it.
-
0
Hi,
I could reproduce the problem and will fix it in the next patch version.
Temporary solution:
    using System.Collections.Generic;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.Extensions.Options;
    using Volo.Abp;
    using Volo.Abp.Account;
    using Volo.Abp.Account.Emailing;
    using Volo.Abp.BlobStoring;
    using Volo.Abp.DependencyInjection;
    using Volo.Abp.Identity;
    using Volo.Abp.Imaging;
    using Volo.Abp.SettingManagement;
    // Also add the namespace that IAccountPhoneService lives in for your ABP version.

    // Replaces the default IAccountAppService so the login page's provider list
    // can be filtered before it is returned to the client.
    [ExposeServices(typeof(IAccountAppService))]
    public class MyAccountAppService : AccountAppService
    {
        public MyAccountAppService(
            IdentityUserManager userManager,
            IAccountEmailer accountEmailer,
            IAccountPhoneService phoneService,
            IIdentityRoleRepository roleRepository,
            IdentitySecurityLogManager identitySecurityLogManager,
            IBlobContainer<AccountProfilePictureContainer> accountProfilePictureContainer,
            ISettingManager settingManager,
            IOptions<IdentityOptions> identityOptions,
            IIdentitySecurityLogRepository securityLogRepository,
            IImageCompressor imageCompressor,
            IOptions<AbpProfilePictureOptions> profilePictureOptions,
            IApplicationInfoAccessor applicationInfoAccessor,
            IdentityUserTwoFactorChecker identityUserTwoFactorChecker)
            : base(userManager, accountEmailer, phoneService, roleRepository,
                   identitySecurityLogManager, accountProfilePictureContainer,
                   settingManager, identityOptions, securityLogRepository,
                   imageCompressor, profilePictureOptions, applicationInfoAccessor,
                   identityUserTwoFactorChecker)
        {
        }

        public override async Task<List<string>> GetTwoFactorProvidersAsync(GetTwoFactorProvidersInput input)
        {
            var providers = await base.GetTwoFactorProvidersAsync(input);

            if (providers.Any())
            {
                var user = await UserManager.GetByIdAsync(input.UserId);

                // Only offer the Authenticator provider when the user has
                // actually registered an authenticator app.
                if (!user.HasAuthenticator())
                {
                    providers.RemoveAll(x => x == TwoFactorProviderConsts.Authenticator);
                }
            }

            return providers;
        }
    }
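The idea behind the workaround, as an added stand-alone example that is not part of this thread and not ABP's own code: derive the usable 2FA providers from the user record itself, and apply that same derivation both when the login page builds the provider dropdown and when a submitted provider name is checked, so a client that posts "Authenticator" for a user who never registered one is refused rather than sent to a step they cannot complete. `DemoUser`, `TwoFactorProviderPolicy` and the sample authenticator key are hypothetical stand-ins for the ABP types; they are not ABP APIs.

```csharp
// Added example; hypothetical in-memory model, not ABP's IdentityUser or
// AccountAppService. Shows the "only advertise what the user can complete"
// rule and the matching server-side check at code submission time.
using System;
using System.Collections.Generic;
using System.Linq;

public static class TwoFactorProviders
{
    public const string Email = "Email";
    public const string Phone = "Phone";
    public const string Authenticator = "Authenticator";
}

// Hypothetical stand-in for the identity user: only the fields the check needs.
public sealed class DemoUser
{
    public string UserName { get; init; } = "";
    public bool TwoFactorEnabled { get; init; }
    public bool EmailConfirmed { get; init; }
    public bool PhoneNumberConfirmed { get; init; }
    public string? AuthenticatorKey { get; init; } // null until an authenticator app is registered
}

public static class TwoFactorProviderPolicy
{
    // A provider is offered only if the user can actually complete it.
    public static List<string> GetUsableProviders(DemoUser user)
    {
        var providers = new List<string>();
        if (!user.TwoFactorEnabled) return providers;
        if (user.EmailConfirmed) providers.Add(TwoFactorProviders.Email);
        if (user.PhoneNumberConfirmed) providers.Add(TwoFactorProviders.Phone);
        if (!string.IsNullOrEmpty(user.AuthenticatorKey)) providers.Add(TwoFactorProviders.Authenticator);
        return providers;
    }

    // Check at code submission: never trust the provider name posted by the
    // browser; re-derive the usable set from the user record.
    public static bool IsProviderAllowed(DemoUser user, string requestedProvider) =>
        GetUsableProviders(user).Contains(requestedProvider, StringComparer.Ordinal);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample users: alice enabled 2FA but never set up an
        // authenticator; bob did. The key is a constructed sample value.
        var alice = new DemoUser { UserName = "alice", TwoFactorEnabled = true, EmailConfirmed = true };
        var bob = new DemoUser { UserName = "bob", TwoFactorEnabled = true, EmailConfirmed = true,
                                 AuthenticatorKey = "JBSWY3DPEHPK3PXP" };

        Console.WriteLine("alice providers: " + string.Join(", ", TwoFactorProviderPolicy.GetUsableProviders(alice)));
        Console.WriteLine("bob providers:   " + string.Join(", ", TwoFactorProviderPolicy.GetUsableProviders(bob)));

        // A tampered request selecting Authenticator for alice is refused;
        // the same request for bob is accepted.
        Console.WriteLine("alice may use Authenticator: " +
            TwoFactorProviderPolicy.IsProviderAllowed(alice, TwoFactorProviders.Authenticator));
        Console.WriteLine("bob may use Authenticator:   " +
            TwoFactorProviderPolicy.IsProviderAllowed(bob, TwoFactorProviders.Authenticator));
    }
}
```

Filtering the dropdown (as the workaround above does) fixes what the user sees; the `IsProviderAllowed` check is the part that matters for security, since the provider name in the login request is client-controlled.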
-
0
Thanks @liangshiwei,
I appreciate the quick response. I'll test and let you know how things look.
-
0
ok
-
0
Thanks again @liangshiwei,
Your temporary solution works perfectly!