Page Redirect after Logging in with Multifactor Authentication for Users

[tekoscott]

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

12.3.3

Bug summary

Umbraco MFA validation process when logging a user in into the backoffice is looking for api calls that apparently do not exist.

Specifics

• Checked in all browsers - Chrome, Firefox, Edge
• Checked with clean install of umbraco 12.3.3
• Upgrading the site to the latest Umbraco 13 RC fixes the issue but I require this to be fixed on 12.
• When upgraded to the current Umbraco 13 RC site the issue no longer exists.
• As this occurs on a clean install of Umbraco 12.3.3 and not the latest Umbraco 13 RC, I believe it is an issue with Umbraco 12

Steps to reproduce

• Setup Clean install of 12.3.3 Umbraco project
• Implement multifactor authentication as per instructions here https://docs.umbraco.com/umbraco-cms/reference/security/two-factor-authentication
• Add a test User
• Configure Mutlifactor authentication for that user using the QR code.
• Enable MFA for the user
• Log out of the site
• Log back in with the user that has MFA enabled
• On login screen add test users email and password
• On the MFA screen add the verificatiion code from Microsofts Authenticator App https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en&gl=US and click the Validate button
• The following is displayed in the browsers dev tools
  
• When validate clicked 'Invalid code entered' error message displayed, but doing a page refresh in the browser allows access to the backoffice
  
• If the validate button clicked a second time the following message is displayed in the devtools console
  

Expected result / actual result

Expected to be redirected to backoffice upon successfull validaton of MFA verification code.

[github-actions]

Hi there @tekoscott!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

• We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
• If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
• We'll replicate the issue to ensure that the problem is as described.
• We'll decide whether the behavior is an issue or if the behavior is intended.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂

[Migaroez]

Hey @tekoscott
Thank you so much for the detailed bug report. I have been able to reproduce this, and it seems like an oversight in the new login screen. I will flag this as a regression bug and we will do our best to fix this as soon as possible.

[tekoscott]

@Migaroez Thank you.

[kjac]

Hi again @tekoscott,

I'm on this - it is not related to the new login screen, as it is not part of V12 😆 but likely an unfortunate error from a well-meant contribution. I'll run some tests and get back when I have more info.

[kjac]

Fix in #15317

[kjac]

Fixed with #15317 to be released in v12.3.4 👍