search

wordpress-mobile / WordPress-iOS

WordPress for iOS - Official repository
http://ios.wordpress.org/
GNU General Public License v2.0
3.7k stars 1.12k forks source link

Login: Submitting wrong code for SMS 2FA can result in a vague error message #20983

Open twstokes opened 1 year ago

twstokes commented 1 year ago

Expected behavior

A helpful error message to be shown.

Actual behavior

"two_step_nonce required." message was shown.

Steps to reproduce the behavior

  1. Start the login flow for a WordPress.com account through Google, that has 2FA+SMS enabled on the WordPress.com side.
  2. When prompted for the 2FA code, type an incorrect code.
  3. Observe the error message.
Tested on iPhone 12, iOS 16.5.1, Jetpack iOS / WordPress iOS 22.7
staskus commented 12 months ago

Reopening the issue.

The fix (https://github.com/wordpress-mobile/WordPressAuthenticator-iOS/pull/793) was reverted (https://github.com/wordpress-mobile/WordPressAuthenticator-iOS/pull/802) since it broke pass key support (https://github.com/wordpress-mobile/WordPress-iOS/pull/22001)