Getting 'not authorized' error on MFA setup. Still allows users to proceed.

[tylermaran]

Important Details

How are you running Sentry?

• Saas (sentry.io)

Description

An incorrect error modal pops up when setting up MFA after being prompted for a password. Clicking away allows you to proceed with the MFA setup.

Steps to Reproduce

1. Go to User Settings => Security
2. Click on Authenticator App
3. Prompted to enter password
4. Enter correct password
5. Get Not Authorized error modal.
6. Click away, and proceed with MFA setup

Good items to include here include:

• Not isolated. This just happened to everyone on our dev team as we set up MFA for sentry.

What you expected to happen

No error

Possible Solution

[If you have an idea on how this could be solved include that detail here.]

[github-actions[bot]]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Accepted, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[tylermaran]

I think this should remain active. I can still see the issue when I go to change my MFA settings.

[BYK]

Ping @getsentry/security and @getsentry/enterprise for triage.

[leedongwei]

@tylermaran Thanks for the report! I have replicated the issue.

The bug is with Step 5 where the frontend is not re-rendered after the authorization is completed. Additionally, I've verified that I'm not authorized to setup MFA if I gave the wrong password.

I've added this into our backlog (cc @bowencai8)