dburles / meteor-two-factor

🔐 Two factor authentication package for accounts-password
https://atmospherejs.com/dburles/two-factor
MIT License
81 stars 16 forks

Login forbidden on 1.1.2 #7

Closed michalCapo closed 7 years ago

michalCapo commented 7 years ago

Upgrading from 1.1.1 to 1.1.2 will cause "Login forbidden" after sending the verification code. "Login forbidden" is thrown by Meteor.

I downgraded to 1.1.1 and everything works as expected.

dburles commented 7 years ago

Hey, which version of Meteor are you running?

michalCapo commented 7 years ago

Meteor 1.4.2.7; it is also the same on Meteor 1.4.2.6 and on Meteor 1.4.2.5.

Here is the content from versions:

accounts-base@1.2.14
accounts-password@1.3.4
aldeed:autoform@5.8.1
aldeed:autoform-bs-datepicker@1.1.1
aldeed:autoform-select2@2.0.3
aldeed:collection2@2.10.0
aldeed:collection2-core@1.2.0
aldeed:schema-deny@1.1.0
aldeed:schema-index@1.1.1
aldeed:simple-schema@1.5.3
aldeed:template-extension@3.4.3
allow-deny@1.0.5
amplify@1.0.0
anti:i18n@0.4.3
aslagle:reactive-table@0.8.39
autoupdate@1.3.12
babel-compiler@6.14.1
babel-runtime@1.0.1
base64@1.0.10
binary-heap@1.0.10
blaze@2.3.0
blaze-html-templates@1.1.0
blaze-tools@1.0.10
boilerplate-generator@1.0.11
caching-compiler@1.1.9
caching-html-compiler@1.1.0
callback-hook@1.0.10
cfs:access-point@0.1.49
cfs:autoform@2.2.1
cfs:base-package@0.0.30
cfs:collection@0.5.5
cfs:collection-filters@0.2.4
cfs:data-man@0.0.6
cfs:file@0.1.17
cfs:filesystem@0.1.2
cfs:http-methods@0.0.32
cfs:http-publish@0.0.13
cfs:power-queue@0.9.11
cfs:reactive-list@0.0.9
cfs:reactive-property@0.0.4
cfs:standard-packages@0.5.9
cfs:storage-adapter@0.2.3
cfs:tempstore@0.1.5
cfs:upload-http@0.0.20
cfs:worker@0.1.4
check@1.2.4
coffeescript@1.12.3_1
comerc:autoform-typeahead@1.0.6
comerc:bs-typeahead@1.0.2
dburles:two-factor@1.1.1
ddp@1.2.5
ddp-client@1.3.3
ddp-common@1.2.8
ddp-rate-limiter@1.0.6
ddp-server@1.3.13
deps@1.0.12
diff-sequence@1.0.7
ecmascript@0.6.3
ecmascript-runtime@0.3.15
ejson@1.0.13
email@1.1.18
es5-shim@4.6.15
fastclick@1.0.13
fortawesome:fontawesome@4.7.0
fourseven:scss@3.13.0
geojson-utils@1.0.10
gwendall:autoform-i18n@0.1.9_1
gwendall:simple-schema-i18n@0.2.3
hot-code-push@1.0.4
html-tools@1.0.11
htmljs@1.0.11
http@1.2.11
id-map@1.0.9
iron:controller@1.0.12
iron:core@1.0.11
iron:dynamic-template@1.0.12
iron:layout@1.0.12
iron:location@1.0.11
iron:middleware-stack@1.1.0
iron:router@1.1.2
iron:url@1.1.0
jquery@1.11.10
jss:jstree@3.1.3
launch-screen@1.1.1
livedata@1.0.18
localstorage@1.0.12
logging@1.1.17
mdg:validation-error@0.5.1
meteor@1.6.1
meteor-base@1.0.4
meteorhacks:ssr@2.2.0
meteorspark:util@0.2.0
minifier-css@1.2.16
minifier-js@1.2.17
minifiers@1.1.7
minimongo@1.0.20
mobile-experience@1.0.4
mobile-status-bar@1.0.14
modules@0.7.9
modules-runtime@0.7.9
momentjs:moment@2.17.1
mongo@1.1.15
mongo-id@1.0.6
mongo-livedata@1.0.12
mquandalle:jade@0.4.9
mquandalle:jade-compiler@0.4.5
natestrauser:select2@4.0.3
natestrauser:x-editable-bootstrap@1.5.2_4
npm-bcrypt@0.9.2
npm-mongo@2.2.16_1
numtel:template-from-string@0.1.0
observe-sequence@1.0.15
ordered-dict@1.0.9
pfafman:filesaver@1.3.2
practicalmeteor:chai@2.1.0_1
practicalmeteor:loglevel@1.2.0_2
practicalmeteor:mocha@2.4.5_6
practicalmeteor:mocha-core@1.0.1
practicalmeteor:sinon@1.14.1_2
promise@0.8.8
raix:eventemitter@0.1.3
raix:ui-dropped-event@0.0.7
rajit:bootstrap3-datepicker@1.6.4
rajit:bootstrap3-datepicker-ru@1.6.4
rajit:bootstrap3-datepicker-sk@1.6.4
random@1.0.10
rate-limit@1.0.6
reactive-dict@1.1.8
reactive-var@1.0.11
reload@1.1.11
retry@1.0.9
routepolicy@1.0.12
rzymek:moment-locale-af@2.14.1
rzymek:moment-locale-ar@2.14.1
rzymek:moment-locale-ar-ma@2.14.1
rzymek:moment-locale-ar-sa@2.14.1
rzymek:moment-locale-az@2.14.1
rzymek:moment-locale-be@2.14.1
rzymek:moment-locale-bg@2.14.1
rzymek:moment-locale-bn@2.14.1
rzymek:moment-locale-bo@2.14.1
rzymek:moment-locale-br@2.14.1
rzymek:moment-locale-bs@2.14.1
rzymek:moment-locale-ca@2.14.1
rzymek:moment-locale-cs@2.14.1
rzymek:moment-locale-cv@2.14.1
rzymek:moment-locale-cy@2.14.1
rzymek:moment-locale-da@2.14.1
rzymek:moment-locale-de@2.14.1
rzymek:moment-locale-de-at@2.14.1
rzymek:moment-locale-el@2.14.1
rzymek:moment-locale-en-au@2.14.1
rzymek:moment-locale-en-ca@2.14.1
rzymek:moment-locale-en-gb@2.14.1
rzymek:moment-locale-eo@2.14.1
rzymek:moment-locale-es@2.14.1
rzymek:moment-locale-et@2.14.1
rzymek:moment-locale-eu@2.14.1
rzymek:moment-locale-fa@2.14.1
rzymek:moment-locale-fi@2.14.1
rzymek:moment-locale-fo@2.14.1
rzymek:moment-locale-fr@2.14.1
rzymek:moment-locale-fr-ca@2.14.1
rzymek:moment-locale-gl@2.14.1
rzymek:moment-locale-he@2.14.1
rzymek:moment-locale-hi@2.14.1
rzymek:moment-locale-hr@2.14.1
rzymek:moment-locale-hu@2.14.1
rzymek:moment-locale-hy-am@2.14.1
rzymek:moment-locale-id@2.14.1
rzymek:moment-locale-is@2.14.1
rzymek:moment-locale-it@2.14.1
rzymek:moment-locale-ja@2.14.1
rzymek:moment-locale-ka@2.14.1
rzymek:moment-locale-km@2.14.1
rzymek:moment-locale-ko@2.14.1
rzymek:moment-locale-lb@2.14.1
rzymek:moment-locale-lt@2.14.1
rzymek:moment-locale-lv@2.14.1
rzymek:moment-locale-mk@2.14.1
rzymek:moment-locale-ml@2.14.1
rzymek:moment-locale-mr@2.14.1
rzymek:moment-locale-ms-my@2.14.1
rzymek:moment-locale-my@2.14.1
rzymek:moment-locale-nb@2.14.1
rzymek:moment-locale-ne@2.14.1
rzymek:moment-locale-nl@2.14.1
rzymek:moment-locale-nn@2.14.1
rzymek:moment-locale-pl@2.14.1
rzymek:moment-locale-pt@2.14.1
rzymek:moment-locale-pt-br@2.14.1
rzymek:moment-locale-ro@2.14.1
rzymek:moment-locale-ru@2.14.1
rzymek:moment-locale-sk@2.14.1
rzymek:moment-locale-sl@2.14.1
rzymek:moment-locale-sq@2.14.1
rzymek:moment-locale-sr@2.14.1
rzymek:moment-locale-sr-cyrl@2.14.1
rzymek:moment-locale-sv@2.14.1
rzymek:moment-locale-ta@2.14.1
rzymek:moment-locale-th@2.14.1
rzymek:moment-locale-tl-ph@2.14.1
rzymek:moment-locale-tr@2.14.1
rzymek:moment-locale-tzm@2.14.1
rzymek:moment-locale-tzm-latn@2.12.0
rzymek:moment-locale-uk@2.14.1
rzymek:moment-locale-uz@2.14.1
rzymek:moment-locale-vi@2.14.1
rzymek:moment-locale-zh-cn@2.14.1
rzymek:moment-locale-zh-tw@2.14.1
rzymek:moment-locales@2.9.0
service-configuration@1.0.11
session@1.1.7
sha@1.0.9
shell-server@0.2.2
simple:reactive-method@1.0.2
spacebars@1.0.13
spacebars-compiler@1.1.0
srp@1.0.10
standard-minifier-css@1.3.3
standard-minifier-js@1.2.2
tap:i18n@1.8.2
templating@1.3.0
templating-compiler@1.3.0
templating-runtime@1.3.0
templating-tools@1.1.0
themeteorchef:bert@2.1.1
tmeasday:test-reporter-helpers@0.2.1
tracker@1.1.2
twbs:bootstrap@3.3.6
u2622:persistent-session@0.4.4
udondan:jszip@2.4.0_1
ui@1.0.12
underscore@1.0.10
underscorestring:underscore.string@3.3.4
url@1.1.0
webapp@1.3.13
webapp-hashing@1.0.9

And packages:

meteor-base@1.0.4             # Packages every Meteor app needs to have
mobile-experience@1.0.4       # Packages for a great mobile UX
mongo@1.1.14                   # The database Meteor supports right now
blaze-html-templates@1.0.4    # Compile .html files into Meteor Blaze views
reactive-var@1.0.11            # Reactive variable for tracker
jquery@1.11.10                  # Helpful client-side library
tracker@1.1.1                 # Meteor's client-side reactive programming library

standard-minifier-css@1.3.2   # CSS minifier run for production mode
standard-minifier-js@1.2.1    # JS minifier run for production mode
es5-shim@4.6.15                # ECMAScript 5 compatibility for older browsers.
ecmascript@0.6.1              # Enable ECMAScript2015+ syntax in app code

iron:router
fourseven:scss
mquandalle:jade
accounts-password@1.3.3
aldeed:simple-schema
aldeed:collection2
aldeed:autoform
twbs:bootstrap
check@1.2.4
session@1.1.7
u2622:persistent-session
comerc:bs-typeahead
comerc:autoform-typeahead
practicalmeteor:mocha
shell-server@0.2.1
random@1.0.10
tap:i18n
gwendall:autoform-i18n
gwendall:simple-schema-i18n
underscorestring:underscore.string
momentjs:moment
rzymek:moment-locales
rajit:bootstrap3-datepicker
rajit:bootstrap3-datepicker-ru
rajit:bootstrap3-datepicker-sk
pfafman:filesaver
udondan:jszip
themeteorchef:bert
jss:jstree
http@1.2.10
natestrauser:select2
aldeed:autoform-select2
aslagle:reactive-table
aldeed:schema-index
natestrauser:x-editable-bootstrap
simple:reactive-method
cfs:standard-packages
cfs:filesystem
cfs:autoform
numtel:template-from-string
email@1.1.18
meteorhacks:ssr
aldeed:autoform-bs-datepicker
dburles:two-factor

dburles commented 7 years ago

Thanks @michalCapo. For now, as you said, I'd stick with 1.1.1.

dburles commented 7 years ago

BTW I would really appreciate a PR for this issue as I'm a bit busy with other projects. The problem lies with the logic within this function.

The root of the problem is that we need to allow for the new login type 2FALogin (options.type). But also at the same time respect the customValidator (if defined). Tests would be ideal...

dburles commented 7 years ago

So if you have the time (and don't mind) having a look into it, that would be awesome.

michalCapo commented 7 years ago

I'm short on time, but I will do my best.

dburles commented 7 years ago

Fixed with #11
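
The validation rule discussed in this thread (accept the `2FALogin` type, still honour a custom validator), as an added example that is not part of the thread and not the package's source. It is a stand-alone model with no Meteor dependency; `makeLoginValidator`, `allowUnenrolled`, the `twoFactorEnabled` field and the meaning of the custom validator's return value (true permits a regular login) are assumptions, while `type`, `allowed` and `user` are fields Meteor passes to `Accounts.validateLoginAttempt` callbacks.

```javascript
// Stand-alone model of a 2FA-aware login validator (added example; not the
// dburles:two-factor source). A false result is what Meteor reports to the
// client as "Login forbidden".

const TWO_FACTOR_LOGIN_TYPE = '2FALogin'; // login type named in the thread

// `customValidator` is optional. ASSUMPTION: it returns true to let a regular
// (non-2FA) login through, e.g. for users who have not enrolled in 2FA.
function makeLoginValidator(customValidator) {
  return function validate(attempt) {
    // Never upgrade an attempt an earlier check already rejected
    // (wrong password, wrong code, unknown user).
    if (!attempt || attempt.allowed === false) return false;

    // The second-factor login itself must be accepted regardless of the
    // custom validator, otherwise users are locked out after a correct code.
    if (attempt.type === TWO_FACTOR_LOGIN_TYPE) return true;

    // Any other login type passes only if the app opted in explicitly;
    // only an explicit `true` counts as permission.
    if (typeof customValidator === 'function') {
      return customValidator(attempt) === true;
    }

    // Fail closed: a bare password login must not skip the second factor.
    return false;
  };
}

// Constructed sample attempts (not captured from a real app).
const enrolled = { _id: 'u1', twoFactorEnabled: true }; // hypothetical field
const notEnrolled = { _id: 'u2', twoFactorEnabled: false };
const attempts = {
  twoFactor: { type: TWO_FACTOR_LOGIN_TYPE, allowed: true, user: enrolled },
  passwordEnrolled: { type: 'password', allowed: true, user: enrolled },
  passwordNotEnrolled: { type: 'password', allowed: true, user: notEnrolled },
  badCode: { type: TWO_FACTOR_LOGIN_TYPE, allowed: false, user: enrolled },
};

// Hypothetical app policy: only users without 2FA may use password-only login.
const allowUnenrolled = (attempt) => attempt.user.twoFactorEnabled !== true;

// Run every sample attempt through a validator and collect the decisions.
function decisions(validator) {
  const out = {};
  for (const [name, a] of Object.entries(attempts)) out[name] = validator(a);
  return out;
}

console.log('no custom validator:  ', decisions(makeLoginValidator()));
console.log('with custom validator:', decisions(makeLoginValidator(allowUnenrolled)));
```

The regression case to keep in a test suite is the one from this issue: a custom validator that returns false must not cause a valid `2FALogin` attempt to be rejected.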