MFA - Cannot receive SMS token if maxPasswordHistory != 0 #9528

Open
riccardoch opened this issue Jan 10, 2025 · 1 comment
Labels
type:bug Impaired feature or lacking behavior that is likely assumed

Comments

@riccardoch

New Issue Checklist

Issue Description

If maxPasswordHistory is set to a value != 0, the token request does not work as expected. It appears to be incorrectly interpreted as a password change request; as a result, no token is created.

Steps to reproduce

To reproduce the issue you have to set maxPasswordHistory in index.js to a value != 0:

maxPasswordHistory: 5

Then you need to request a token for a user with MFA enabled:

POST {{url}}/login
Content-Type: application/json
Cache-Control: no-cache
X-Parse-REST-API-Key: {{rest_api_key}}
X-Parse-Application-Id: {{application_id}}

{
    "username": "tester",
    "password": "*********",
    "authData": { 
        "mfa": { 
            "mobile": "+11111111111",
            "token": "request"
        }
    }
}

This is the response:

{
  "code": 142,
  "error": "New password should not be the same as last 5 passwords."
}

If you remove maxPasswordHistory the token is sent as expected.

Actual Outcome

sendSMS callback is not called and this is the current result if maxPasswordHistory is != 0:

{
  "code": 142,
  "error": "New password should not be the same as last 5 passwords."
}

Expected Outcome

sendSMS callback returns the token and this is the expected response to the token request:

{
  "code": 141,
  "error": "Please enter the token"
}

Environment

Node: 18.20.5

Server

  • Parse Server version: 7.4.0
  • Operating system: Ubuntu 20.04
  • Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): Digital Ocean

Database

  • System (MongoDB or Postgres): MongoDB
  • Database version: 6
  • Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): Digital Ocean

Thanks for opening this issue!

  • 🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.

@mtrezza mtrezza added the type:bug Impaired feature or lacking behavior that is likely assumed label Jan 12, 2025
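
A probe for the behaviour reported above, as an added example that is not part of the original issue or of Parse Server's code: it sends the token request from the reproduction steps and classifies the reply using the two response codes quoted in the issue. The function names and the environment variable names are hypothetical, chosen for this example.

```javascript
// Added example (not from the issue or Parse Server): probe a deployment for
// the reported behaviour. All function and env-variable names are assumptions.

// Body from the issue's reproduction steps: a login that asks for an SMS token.
function buildTokenRequest({ username, password, mobile }) {
  return { username, password, authData: { mfa: { mobile, token: 'request' } } };
}

// Classify the reply using the two responses quoted in the issue:
// 141 "Please enter the token" is expected; 142 with the password-history
// message means the token request was handled as a password change.
function classify(body) {
  const code = body && body.code;
  const error = String((body && body.error) || '');
  if (code === 141) return 'token-requested';
  if (code === 142 && /last \d+ passwords/i.test(error)) return 'password-history-bug';
  return 'unexpected';
}

// `send` is injected so the probe can run against a stub or a real server.
async function probe(send, creds) {
  const body = await send(buildTokenRequest(creds));
  return { verdict: classify(body), code: body && body.code };
}

// Real transport: POST /login with the headers shown in the issue.
function httpSender({ serverUrl, appId, restKey }) {
  return async (payload) => {
    const res = await fetch(`${serverUrl}/login`, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'X-Parse-Application-Id': appId,
        'X-Parse-REST-API-Key': restKey,
      },
      body: JSON.stringify(payload),
    });
    return res.json();
  };
}

// Runs only when the (hypothetical) environment variables are set.
if (typeof process !== 'undefined' && process.env.PARSE_URL) {
  const e = process.env;
  probe(httpSender({ serverUrl: e.PARSE_URL, appId: e.PARSE_APP_ID, restKey: e.PARSE_REST_KEY }),
        { username: e.MFA_USER, password: e.MFA_PASS, mobile: e.MFA_MOBILE })
    .then((r) => { console.log(r); process.exitCode = r.verdict === 'token-requested' ? 0 : 1; });
}
```

Run against a test instance once with maxPasswordHistory unset and once with it set, so that a change of verdict can be attributed to that setting.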