Update from 1.2.3 to 1.2.4 breaks the 2fa file

[A7F]

Describe the bug

After updating the app from version 1.2.3 to 1.2.4 via Microsoft Store, I am no longer able to access my data. As I insert the master password, I get an "invalid data file" error or something. Apparently, the update broke something with the .2fa file, as the path pointing to it in app settings is correct. However, the issue is very easy to reproduce: just update the app.

Steps to Reproduce

1. update the app from sw 1.2.3 to 1.2.4 with a previous valid datafile
2. open 2fast after the update

Expected behavior

1. the app opens with the expected credentials without anything getting lost

Environment

App Version(s): 1.2.4

Windows 10 Pro Build Number:

• Fall Creators Update (16299)
• April 2018 Update (17134)
• October 2018 Update (17763)
• May 2019 Update (18362)
• May 2020 Update (19041)
• Windows 11 21H2 Update (22000)
• Other not listed above (22H2 - 19045.2728)

[JurajF]

Same here, 1.2.4 cannot open the previous datafile - reports wrong password. Please consider rollback of the 1.2.4 from the MSstore.

[imarkone]

I updated from version 1.2.0 to version 1.2.4 and I got the same error, since we use 2 fast in the company, other users already reported this problem. Well thank you M

[imarkone]

Ideally, replace version 1.2.4 from MS store and return version 1.2.3 there for now.
Well thank you
Sincerely

[jp-weber]

Thank you for posting this issue, I will investigate this issue this evening. In my tests no errors have been detected.

Have you tried to open the .2fa file via Windows explorer? Is the same error in this case visible?

[imarkone]

Thank you for posting this issue, I will investigate this issue this evening. In my tests no errors have been detected.

Have you tried to open the .2fa file via Windows explorer? Is the same error in this case visible?

I tried now, "Error" The password doesn't match the password of the data file." colleague too..

[imarkone]

Before I had version 1.2.0.. everything downloaded from MS Store.

[A7F]

Thank you for posting this issue, I will investigate this issue this evening. In my tests no errors have been detected.

Have you tried to open the .2fa file via Windows explorer? Is the same error in this case visible?

I can confirm the same behavior reported by @imarkone .
Thanks :)

[drdobler]

I can confirm the issue.
All of our users can't access their OTPs. Me neither.
I tried a manual downgrade on my PC to v1.2.3 with success. (Windows 10 22H2)

[jp-weber]

Can someone create an example 2fa file where the problem can be reproduced and upload it here with the corresponding password?

[drdobler]

Created a file with 1.2.3 and upgraded to 1.2.4 -> no issues
file from 1.2.2 had issues with 1.2.4

I can't attach the file to this post because the file type is not supported

[Flexmaen]

Same here. On two different devices I suddenly have "invalid password".

I didn't see any update history, but I created the 2fa already months ago and had no problems until now.

[jp-weber]

I have identified the problem. I created a versioning for the data file template long time ago, as I wanted to make a change with version 1.3.0 and did not want to risk any problems due to a last-minute change.
The problem I didn't consider was that if the data file was not changed by a save, version=1 is not written and the version query is too specific, so unfortunately the new algorithm is used for decryption.

https://github.com/2fast-team/2fast/blob/master/Project2FA.Core/Services/JSON/NewtonsoftJSONService.cs#L70

As a workaround

The version after the IV can be added to the data file, after that, all runs great:

"IV":"YOUR_IV_DO_NOT_EDIT","Version":1 

I have now uploaded the older app version 1.2.3 to the store for reactivation until i adjusted the query with a new version and implemented an error handling for it.

I would like to apologise for any inconvenience.

[msav72]

if users have already updated to 1.2.4.0 how to we revert back to 1.2.3
if the user changed the password how to we fix the login issue.

Thank for your attention to this. I had to disable MFA for all my users this morning to allow them to log in.

[jp-weber]

if users have already updated to 1.2.4.0 how to we revert back to 1.2.3 if the user changed the password how to we fix the login issue.

Thank for your attention to this. I had to disable MFA for all my users this morning to allow them to log in.
According to current information, no password change is taking place in the background, as the new password is being tested for decryption, which continues to fail

According to current information, no password change is taking place in the background, as the new password is being tested for decryption, which continues to fail
https://github.com/2fast-team/2fast/blob/master/Project2FA/Project2FA.UWP/Views/ContentDialogs/ChangeDatafilePasswordContentDialog.xaml.cs#L49

if (await ViewModel.TestPassword())
{
    await ViewModel.ChangePasswordInFileAndDB();
}

When the new version is distributed tomorrow, according to current information, everything will work as it should (with the old password).

[msav72]

Ok, thank you I will just hold out for tomorrow.

[imarkone]

Thank you Mr. Weber, in the future, if you need beta testing of the application, let me know, I will be happy to test the application.
Sincerely
M

[emptywee]

As a workaround

The version after the IV can be added to the data file, after that, all runs great:

"IV":"YOUR_IV_DO_NOT_EDIT","Version":1 

This works! Thanks.

[drdobler]

Can you release a new version for that fix?
At the moment we need to reinstall the app on every client and set it up again.
An update via MS store would fix the problem automatically.

[jp-weber]

I would like to do this, but the MS Store services have currently problems…

[jp-weber]

The update 1.2.5 is now available in the store

[imarkone]

Hello, everything is functional after the update. Thank you