Page MenuHomePhabricator
Create Task
Maniphest T227925

Unable to log in to Android app with two-factor authentication (2FA)
Closed, ResolvedPublicBUG REPORT
Actions

Description

I'm unable to log in to the Wikipedia Android app with two-factor authentication (2FA). This bug was initially reported by Michael Greiner on the English Wikipedia at Help talk:Two-factor authentication#2FA entry in Android app. I can reproduce the bug on the latest version of the Android app (r/2.7.50282-r-2019-05-24) on my device (running Android 9) with my account.

Steps to Reproduce:

  1. From the login screen, enter your username and password.
  2. Tap "Log in".
  3. A toast notification appears, saying "Please enter a verification code from your authentication device". However, there is no input field to enter the verification code in.

Actual Results:

At this point, I've attempted to log in by entering the verification code after my password (e.g. password123456) or just the verification code itself (e.g. 123456), but both methods fail to log in with the message "Incorrect username or password entered. Please try again."

Expected Results:

At this point, the app should show a view that contains an input field for the verification code. I should be able to type in the code, submit it, and be logged in to the app.

Related Objects
Search...

Event Timeline

Newslinger created this task.Jul 12 2019, 10:12 PM
Restricted Application added a project: Wikipedia-Android-App-Backlog. · View Herald TranscriptJul 12 2019, 10:12 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Xaosflux added a project: Regression.Jul 12 2019, 10:44 PM
Newslinger updated the task description. (Show Details)Jul 12 2019, 10:46 PM
Newslinger updated the task description. (Show Details)
Hmxhmx subscribed.Jul 14 2019, 2:15 PM
Charlotte triaged this task as Medium priority.Jul 16 2019, 4:29 PM
Charlotte moved this task from Needs Triage to Bug Backlog on the Wikipedia-Android-App-Backlog board.
CennoxX moved this task from Bug Backlog to Product Backlog on the Wikipedia-Android-App-Backlog board.Jul 24 2019, 10:14 AM
CennoxX moved this task from Product Backlog to Bug Backlog on the Wikipedia-Android-App-Backlog board.Jul 24 2019, 10:17 AM
Charlotte merged a task: T229167: Cannot log into Wikipedia app on Android when 2FA is set on my Wikimedia account.Jul 29 2019, 3:09 PM
Charlotte added subscribers: Patriccck, Ladsgroup, Znotch190711.
Patriccck added a subscriber: Charlotte.EditedAug 1 2019, 8:03 PM

@Charlotte merged two tasks. 1st task had high priority, but this 2nd task has got lower priority. High priority is probably preferable (this is what I think).

XenonX3 subscribed.Aug 2 2019, 2:27 PM

I'm having this problem since of today. I was involuntarily logged out of the app and can't log back in because of the impossibility of entering the 2FA code.

Charlotte added a comment.Aug 2 2019, 9:23 PM

Thanks @Patriccck and @XenonX3 and @Newslinger. We're waiting for a response from some of the folks that handle OAuth, here: https://phabricator.wikimedia.org/T228588#5388536

Meanwhile, you can briefly disable 2FA on your account using the web interface, log into the app, and then re-enable 2FA. You will still be logged in on the app and should be able to carry on as normal. We're sorry for the inconvenience!

Charlotte added subscribers: Sharvaniharan, cooltey, Dbrant.Aug 4 2019, 2:50 PM

Based on the response at T228588#5389351 it looks like there was a breaking change we weren't made aware of, that has changed the output for this extension, which may be the root cause of the issues reported above. @Dbrant @Sharvaniharan or @cooltey, let's pick this up Monday.

Charlotte raised the priority of this task from Medium to High.Aug 4 2019, 2:51 PM
Charlotte edited projects, added Wikipedia-Android-App-Backlog (Android-app-release-v2.7.29x-N-Nanaimo-Bar); removed Wikipedia-Android-App-Backlog.
Charlotte moved this task from Backlog to Ready for dev on the Wikipedia-Android-App-Backlog (Android-app-release-v2.7.29x-N-Nanaimo-Bar) board.
Patriccck added a comment.Aug 4 2019, 7:16 PM

Thank you @Charlotte! Now, I am logged in the app.

Apap04 subscribed.Aug 6 2019, 9:22 AM
Reedy mentioned this in T230043: Add WebAuthn support to Mobile apps.Aug 7 2019, 4:59 PM
Dbrant moved this task from Ready for dev to QA signoff on the Wikipedia-Android-App-Backlog (Android-app-release-v2.7.29x-N-Nanaimo-Bar) board.Aug 13 2019, 4:30 PM
Charlotte mentioned this in T229949: Add support for bot passwords.Aug 13 2019, 4:53 PM
Xiplus subscribed.Sep 27 2019, 6:04 AM
Reedy closed this task as a duplicate of T228588: 2FA logon doesn’t work on the iOS app.Oct 16 2019, 3:56 PM
Patriccck changed the task status from Duplicate to Resolved.Oct 17 2019, 12:45 PM
Matanya mentioned this in T236385: 2FA UI disappeared from android app - can't login .Oct 24 2019, 10:39 PM
Reedy mentioned this in T150899: Support 2FA in Wikipedia Mobile applications.Nov 1 2019, 2:50 PM
Charlotte mentioned this in T228588: 2FA logon doesn’t work on the iOS app.Nov 1 2019, 3:47 PM
Apap04 reopened this task as Open.Nov 1 2019, 4:23 PM

No more 2FA, again.

Apap04 added a comment.Nov 1 2019, 4:24 PM

For whatever reason, 2FA was removed after a period of time after being implemented.

Reedy added subscribers: Matanya, Reedy.Nov 1 2019, 5:22 PM

I don't presume it was actually removed, I think the functionality has regressed as per

In T236385#5613183, @Dbrant wrote:

A silly issue that should now be resolved. @Matanya Please check again with the latest alpha.

This was only a few days ago

Reedy added a comment.Nov 1 2019, 5:26 PM

Specifically, https://github.com/wikimedia/apps-android-wikipedia/commit/361e389dfd62cc65cf40e5e13b13289c6b51ed89

It's in the alpha

Xaosflux added a parent task: T150899: Support 2FA in Wikipedia Mobile applications.Nov 1 2019, 6:39 PM
Xaosflux subscribed.
Xaosflux added a comment.Nov 1 2019, 6:42 PM

I see this task is "assigned to" noone - is there a specific person or team that is driving this to completion?

Reedy added a comment.Nov 2 2019, 12:36 AM
In T227925#5627509, @Xaosflux wrote:

I see this task is "assigned to" noone - is there a specific person or team that is driving this to completion?

I guess because it was reopened after being closed as a dupe. And we generally close bug reports when the bug is fixed even if it’s not released etc

Xaosflux added a comment.Nov 2 2019, 12:41 AM

Any comment on the second half of my question, "is there a specific person or team that is driving this to completion?" Are we waiting for volunteers, employees, both?

Reedy added a comment.Nov 2 2019, 12:45 AM

Presumably employees. But probably no one specifically working on this bug because it is fixed in the gut repo. I would suspect they have some target date for the next release, but I don’t know their timeline

Though login being broken for a number of users would seem worthy enough to branch and backport a release with the fix if the main release is a long way off

Xaosflux added a comment.Nov 2 2019, 12:54 AM

Thanks Reedy - can any WMF employees reading this point us to your release schedule?

Dbrant added a comment.Nov 2 2019, 2:18 AM

Sorry about that -- we'll release a maintenance update to address this issue sometime next week. Until then, you may also use the Alpha version of the app.

Apap04 closed this task as Resolved.Nov 6 2019, 6:16 PM
Apap04 claimed this task.

Shows on Stable, setting back to resolved.

Apap04 removed Apap04 as the assignee of this task.Nov 6 2019, 6:16 PM
Dbrant added a comment.Nov 6 2019, 6:22 PM

thanks for verifying!

XenonX3 unsubscribed.Apr 12 2021, 8:45 PM
Novem_Linguae reopened this task as Open.Dec 6 2023, 9:45 AM
Novem_Linguae subscribed.

I downloaded the Android app for the first time tonight. Tried to log in. Got to the 2FA screen and could not get past it. Error message was "Verification failed." I have 2FA on my account. Possible regression?

Novem_Linguae closed this task as Resolved.Dec 6 2023, 9:46 AM
Novem_Linguae claimed this task.

Never mind. Restarting my authenticator app seems to have fixed this.

Novem_Linguae removed Novem_Linguae as the assignee of this task.Dec 6 2023, 9:47 AM
Apap04 unsubscribed.Dec 6 2023, 2:57 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL