Duo broken in 2019 Week 12

#1

Observed Behavior:
Logging in with Duo MFA is no longer working in 2019 Week 12. After the push is sent and approved, it just spins forever; pressing “Continue” causes it to send another push.

The POST to https://DOMAIN/auth/mfa/challenge/status/35/ doesn’t seem to return anything useful.

The only way to log in is to hit the Duo prompt, accept the push on your phone, then in Phabricator hit Cancel (which goes to a screen saying “Do you want to log out (Cancel) (Log Out)”), then hit Cancel again, which then goes to a screen which says something like “Your Duo authentication was successful”.

Expected Behavior:
Logging me in.

Phabricator Version:
Internal fork from 2019 Week 12

Reproduction Steps:
Steps the upstream can follow on a clean install to see the same issue


#2

I can’t reproduce this, the flow works correctly for me locally:


#3

This part I can reproduce, and https://secure.phabricator.com/D20347 should fix it. However, this should only be a cosmetic/display issue and should not impact the overall behavior of the workflow.


#4

Possible explanation:

  • The user (possibly you) answered the challenge.
  • Because of the display issue with live updates, the user waited for the arrows to stop spinning.
  • They waited several minutes: long enough for the first challenge to time out.
  • When they clicked “Continue”, the successful state of the first challenge had timed out, so a new challenge was issued.

If so:

  • Workaround: Click “Continue” a few seconds after you answer the challenge.
  • “Fix”: The change above should fix the live update.

This workflow should be robust whether the JavaScript component is working or not. You do not need to wait for the UI to update to reflect that the challenge has been answered – once your phone has acknowledged that you tapped the checkmark, the web UI should let you continue.


#5

I have tested by pressing Continue 5 seconds after answering the challenge, and I still get a new challenge pushed to me; the Cancel-Cancel flow is still the only one that seems to work. I will try cherry-picking in D20347 after it’s landed and see if that improves anything and get back to you.


#6

I cherry-picked in that commit and everything works now. Hurray!


#7

iiam


closed #8