Unable to log in to Android app with two-factor authentication (2FA)
Closed, Resolved · Public · BUG REPORT

Description

I'm unable to log in to the Wikipedia Android app with two-factor authentication (2FA). This bug was initially reported by Michael Greiner on the English Wikipedia at Help talk:Two-factor authentication#2FA entry in Android app. I can reproduce the bug on the latest version of the Android app (r/2.7.50282-r-2019-05-24) on my device (running Android 9) with my account.

Steps to Reproduce:

  1. From the login screen, enter your username and password.
  2. Tap "Log in".
  3. A toast notification appears, saying "Please enter a verification code from your authentication device". However, there is no input field to enter the verification code in.

Actual Results:

At this point, I've attempted to log in by entering the verification code after my password (e.g. password123456) or just the verification code itself (e.g. 123456), but both methods fail to log in with the message "Incorrect username or password entered. Please try again."

Expected Results:

At this point, the app should show a view that contains an input field for the verification code. I should be able to type in the code, submit it, and be logged in to the app.

Event Timeline

Restricted Application added a subscriber: Aklapper.
Newslinger updated the task description. · Jul 12 2019, 10:46 PM
Newslinger updated the task description.
Hmxhmx added a subscriber: Hmxhmx. · Jul 14 2019, 2:15 PM
Charlotte triaged this task as Medium priority. · Jul 16 2019, 4:29 PM
Charlotte moved this task from Needs Triage to Bug Backlog on the Wikipedia-Android-App-Backlog board.
Patriccck added a subscriber: Charlotte. · Edited · Aug 1 2019, 8:03 PM

@Charlotte merged two tasks. The 1st task had high priority, but this 2nd task has lower priority. High priority is probably preferable (this is what I think).

XenonX3 added a subscriber: XenonX3. · Aug 2 2019, 2:27 PM

I'm having this problem as of today. I was involuntarily logged out of the app and can't log back in because of the impossibility of entering the 2FA code.

Thanks @Patriccck and @XenonX3 and @Newslinger. We're waiting for a response from some of the folks that handle OAuth, here: https://phabricator.wikimedia.org/T228588#5388536

Meanwhile, you can briefly disable 2FA on your account using the web interface, log into the app, and then re-enable 2FA. You will still be logged in on the app and should be able to carry on as normal. We're sorry for the inconvenience!

Based on the response at T228588#5389351 it looks like there was a breaking change we weren't made aware of, that has changed the output for this extension, which may be the root cause of the issues reported above. @Dbrant @Sharvaniharan or @cooltey, let's pick this up Monday.

Thank you @Charlotte! Now I am logged in to the app.

Apap04 added a subscriber: Apap04. · Aug 6 2019, 9:22 AM
Xiplus added a subscriber: Xiplus. · Sep 27 2019, 6:04 AM
Patriccck changed the task status from Duplicate to Resolved. · Oct 17 2019, 12:45 PM
Apap04 reopened this task as Open. · Nov 1 2019, 4:23 PM

No more 2FA, again.

Apap04 added a comment. · Nov 1 2019, 4:24 PM

For whatever reason, 2FA was removed after a period of time after being implemented.

I don't presume it was actually removed, I think the functionality has regressed as per

A silly issue that should now be resolved. @Matanya Please check again with the latest alpha.

This was only a few days ago

I see this task is "assigned to" no one - is there a specific person or team that is driving this to completion?

Reedy added a comment. · Nov 2 2019, 12:36 AM

I see this task is "assigned to" no one - is there a specific person or team that is driving this to completion?

I guess because it was reopened after being closed as a dupe. And we generally close bug reports when the bug is fixed even if it’s not released etc.

Any comment on the second half of my question, "is there a specific person or team that is driving this to completion?" Are we waiting for volunteers, employees, both?

Reedy added a comment. · Nov 2 2019, 12:45 AM

Presumably employees. But probably no one specifically working on this bug because it is fixed in the git repo. I would suspect they have some target date for the next release, but I don’t know their timeline.

Though login being broken for a number of users would seem worthy enough to branch and backport a release with the fix if the main release is a long way off.

Thanks Reedy - can any WMF employees reading this point us to your release schedule?

Dbrant added a comment. · Nov 2 2019, 2:18 AM

Sorry about that -- we'll release a maintenance update to address this issue sometime next week. Until then, you may also use the Alpha version of the app.

Apap04 closed this task as Resolved. · Nov 6 2019, 6:16 PM
Apap04 claimed this task.

Shows on Stable, setting back to resolved.

Apap04 removed Apap04 as the assignee of this task. · Nov 6 2019, 6:16 PM
Dbrant added a comment. · Nov 6 2019, 6:22 PM

thanks for verifying!