Base solution for your next web application
Open Closed

2FA - Exception - SendSecurityCodeErrorMessage #10407


User avatar
1
bluescopesteel created

Hi AspnetZero support team,

Product version -10.2.0 Product type - Angular Product framework type - .Net Core

Facing a problem in 2FA. When user apply 2FA, it works fine for first time. But if user disables the 2FA and re-enables it, then while login it is hitting the exception in TokenAuthController.cs.

throw new UserFriendlyException(L("SendSecurityCodeErrorMessage"));

Since it is problem in CacheManager, if I restart the App/ debugging session, the issue will go off, but again appears if user repeat the steps.

Code is:

public async Task SendTwoFactorAuthCode([FromBody] SendTwoFactorAuthCodeModel model)
        {
            var cacheKey = new UserIdentifier(AbpSession.TenantId, model.UserId).ToString();

            var cacheItem = await _cacheManager
                .GetTwoFactorCodeCache()
                .GetOrDefaultAsync(cacheKey);

            if (cacheItem == null)
            {
                //There should be a cache item added in Authenticate method! This check is needed to prevent sending unwanted two factor code to users.
                throw new UserFriendlyException(L("SendSecurityCodeErrorMessage"));
            }
         //Continue...
         }

Could you please advice?


3 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @bluescopesteel

    This problem is resolved in https://github.com/aspnetzero/aspnet-zero-core/issues/3703. Could you apply same changes to your project and see if it works ?

  • User Avatar
    0
    bluescopesteel created

    Hi @ismcagdas,

    Thanks v much for your suggestion, it is working fine in my local.

  • User Avatar
    0
    SelfSwapAdmin created

    Hey)) I just hit this problem today myself on 10.2 Angular\Core. I also applied the changes from #3754 but it did not fix the problem on my local so far. Did you find any problems with the changesets, which backtracked on earlier changes in the final commit and left an unused import for validate-two-factor-code.component.ts in send-two-factor-code.component.ts?