Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Login asks for OTP key when none is associated with the account. #981

Open
kekonn opened this issue Apr 16, 2024 · 1 comment
Open
Labels
area/ui help wanted Extra attention is needed type/bug

Comments

@kekonn
Copy link
Contributor

kekonn commented Apr 16, 2024

I added an OTP key to a user then realised I couldn't add it (Bitwarden wouldn't scan the QR code and it didn't display the raw hash).

I then deleted the OTP key from the account and clicked update. If I check in the admin panel there is no OTP key associated with the account, but when I want to log in with that account in the web interface, it asks for an OTP value.

Reproduction:

  1. Log in as admin
  2. Add otp key to account
  3. Click next (why is there no confirmation for the OTP key?)
  4. Save the account, but stay on the page
  5. Delete the OTP key
  6. Save the account again
  7. Log out as admin
  8. Try to log in as the changed user. Warpgate asks for an OTP key after password, which it shouldn't

I'm on version v0.9.1

@kekonn
Copy link
Contributor Author

kekonn commented Apr 16, 2024

I was investigating some more and in the network console of the browser I saw that even though OTP was deleted as a password method, it was still setting TOTP as a login policy for HTTP. I used edit and resend in the network console to remove the value and post the new settings and now it works, so this seems like a client side bug.

@Eugeny Eugeny added help wanted Extra attention is needed type/bug area/ui labels Apr 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/ui help wanted Extra attention is needed type/bug
Projects
None yet
Development

No branches or pull requests

2 participants