search

wordpress-mobile / WordPress-iOS

WordPress for iOS - Official repository
http://ios.wordpress.org/
GNU General Public License v2.0
3.66k stars 1.11k forks source link

No message shown when SMS rate limiting applies #18069

Open guarani opened 2 years ago

guarani commented 2 years ago

Expected behavior

When logging in via SMS-based two-factor authentication (2FA), the app should display a message to the user if it unable to send the SMS code (e.g. due to rate-limiting of one message per minute).

Actual behavior

When the app is unable to send an SMS code, it doesn't notify the user. Instead, the message simply doesn't arrive and this leads to potential user confusion.

Steps to reproduce the behavior

  1. Locate a WP.com account with SMS-based 2FA
  2. The following steps should be done in quick succession (within 60 seconds): a. Perform an action that requires an SMS code to be used (e.g. change the account password on WordPress.com via the browser) b. Log in to the WPiOS app and notice the app indicates that a message has been sent
  3. Notice that no SMS is received
  4. (Optional) Wait till 60 seconds after Step 2a was performed and try again: notice that the SMS arrives correctly

Desired solution

It would be nice to show a message similar to WP.com, which displays "SMS codes are limited to once per minute. Please wait and try again". This was discussed in https://github.com/wordpress-mobile/WordPress-Android/issues/15961#issuecomment-1046830033.

Screen Shot 2022-03-02 at 17 14 06
Tested on iPhone 11, iOS 15.3.1, WPiOS 19.3
guarani commented 8 months ago

1-star review, which could be due to unclear rate limiting:

Haven't been able to log in · The service is so bad that I never receive the SMS verification code, forcing users to be unable to log in.