revoltchat / api

Typescript typings and OpenAPI v3 generator for the Revolt API.
https://developers.revolt.chat/api/
MIT License

bug: Usage to complete MFA on login doesn't work as documented #26

Closed MasicoreLord closed 1 year ago

MasicoreLord commented 1 year ago

What happened?

On this page: https://developers.revolt.chat/api/#tag/Session/operation/login_login

On the first request sample, where it shows what to do to fulfil MFA, as copied here:

{
  "mfa_ticket": "string",
  "mfa_response": {
    "password": "string"
  },
  "friendly_name": "string"
}

It'd throw error code 400 (Bad Request)

Turns out when inspecting network traffic from Revite, where it'd say password, it actually uses a field named "totp_code", which did work as intended and generated a new login session.

Zomatree commented 1 year ago

You can only do the MFA variants which are in the initial login response under the allowed_methods key, if "Password" is not in that list then you cannot attempt to do password MFA.

The docs show this here: [screenshots: chrome_qnfS9rLklD, chrome_Y8hJO1Dnjz]

MasicoreLord commented 1 year ago

> You can only do the MFA variants which are in the initial login response under the allowed_methods key, if "Password" is not in that list then you cannot attempt to do password MFA.
>
> The docs show this here: [screenshots: chrome_qnfS9rLklD, chrome_Y8hJO1Dnjz]

Oh I see, the docs were not very clear on that, lol. Also, from that I realized I've got to also handle the case where a user would want to enter their recovery code.

MasicoreLord commented 1 year ago

Didn't see that second "any of" section from my view, so that explains my confusion: [screenshot]

MasicoreLord commented 1 year ago

I made a user error in using the docs, and didn't think to use the drop down under mfa_response to see the options.
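
Added example (not part of the thread and not the Revolt project's code): a client-side helper that builds the second login request only from a method the first response listed under allowed_methods, which is the rule the maintainer's reply describes. The method names "Totp" and "Recovery", the field recovery_code, and the result/ticket fields of the first response are assumptions; only "Password", password, totp_code, allowed_methods, mfa_ticket, mfa_response and friendly_name appear in the thread.

```typescript
// Assumed names (not in the thread): "Totp", "Recovery", recovery_code, result, ticket.
type MfaMethod = "Password" | "Totp" | "Recovery";

interface MfaChallenge {
  result: "MFA";
  ticket: string;
  allowed_methods: MfaMethod[];
}

type MfaResponse =
  | { password: string }
  | { totp_code: string }
  | { recovery_code: string };

interface MfaLoginBody {
  mfa_ticket: string;
  mfa_response: MfaResponse;
  friendly_name?: string;
}

function buildMfaLogin(
  challenge: MfaChallenge,
  method: MfaMethod,
  secret: string,
  friendlyName?: string,
): MfaLoginBody {
  // Only variants listed in allowed_methods may be attempted; fail locally
  // instead of sending a request the server will reject.
  if (challenge.allowed_methods.indexOf(method) === -1) {
    throw new Error(`${method} not offered; allowed: ${challenge.allowed_methods.join(", ")}`);
  }
  // Each method has its own mfa_response shape (the docs' dropdown options).
  const responses: Record<MfaMethod, MfaResponse> = {
    Password: { password: secret },
    Totp: { totp_code: secret },
    Recovery: { recovery_code: secret },
  };
  const body: MfaLoginBody = { mfa_ticket: challenge.ticket, mfa_response: responses[method] };
  if (friendlyName !== undefined) body.friendly_name = friendlyName;
  return body;
}

// Constructed sample of a first-step login response for an account with TOTP enabled.
const sampleChallenge: MfaChallenge = {
  result: "MFA",
  ticket: "TICKET-PLACEHOLDER",
  allowed_methods: ["Totp", "Recovery"],
};
```

With the sample above, requesting "Password" throws before any request is made, while "Totp" and "Recovery" each produce a body with the matching mfa_response field.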