Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better error message for users - enrolling the same webauth token twice #3807

Open
1 of 2 tasks
JiriProkop opened this issue Nov 8, 2023 · 4 comments
Open
1 of 2 tasks

Better error message for users - enrolling the same webauth token twice #3807

JiriProkop opened this issue Nov 8, 2023 · 4 comments
Labels
Type: Enhancement Not a complete new functional component/feature but an enhancement of an already existing feature.
Milestone
3.11

Comments

@JiriProkop
Copy link

JiriProkop commented Nov 8, 2023
edited

Is your feature request related to a problem? Please describe.

When you try to enroll the same token for webauth twice on the same account, different error is shown in Firefox and Chrome. The Chrome one is clear and easy to understand(for users) but the Firefox one is not. The Firefox message: 'The object is in an invalid state. / An attempt was made to use an object that is not, or is no longer, usable'.

Describe the solution you'd like

Unified and easy to understand error message so that users know the most probable source of the error. Optimally with the possibility of translation.
From what I understand this error is generated in browser / something browser related so this would basically mean to not display the error message from browser but replace it with some static one - so it is unified and can be translated.

Additional idea

When this happens the 'new' rejected token is not removed but remains in clientwait state. So for example when you try to enroll the same token 10 times, the 1st passes and the remaining 9 requests stay in clientwait state.
Maybe it wouln't be a bad idea to remove that request token when it is rejected in enrolling.

Additional context
Firefox error message:
Screenshot from 2023-11-08 10-09-00

Hanging enroll requests after multiple attempts to enroll the same token:
Screenshot from 2023-11-08 10-10-02

If sensible use a checklist to check, which requirements have been covered by your implementation!

  • error message change
    Optional:
  • delete the token if possible

Implementation

Describe your implementation plans - what you are exactly going to implement. Use references/link to the existing code
https://github.com/privacyidea/privacyidea/blob/a0336fc4559d93925ea8fe03abdf578035e2bf22/privacyidea/static/components/login/factories/webauthn.js#L58C37-L58C37

On line 58 change e.message with something like: 'Error when enrolling - you are probably trying to enroll the same token twice.'

this would replace the 'e.message':

gettextCatalog.getString("Error when enrolling - you are probably trying to enroll the same token twice!")
@JiriProkop JiriProkop added the Type: Feature request A change requested or proposed by a user which is not on the default roadmap label Nov 8, 2023
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 8, 2023

Thank you for filing an issue and sharing your observations or ideas. Please be sure to provide as much information as possible to help us to work on this issue.

@JiriProkop JiriProkop mentioned this issue Nov 8, 2023
Closed
@cornelinux cornelinux changed the title Better error message for users - enrolling the same weauth token twice Better error message for users - enrolling the same webauth token twice Nov 13, 2023
@cornelinux
Copy link
Member

cornelinux commented Nov 13, 2023
edited

It is possible to enroll a webauthn token several times in privacyIDEA.
It is not clear, that this error message (object-invalid-state) corresponds bidirectionally with an attempt for a 2nd enrollment.

We first need to verify this.

@JiriProkop Can you please provide the error message in Chrome? And also your enrollment policies?

@cornelinux cornelinux added Type: Enhancement Not a complete new functional component/feature but an enhancement of an already existing feature. and removed Type: Feature request A change requested or proposed by a user which is not on the default roadmap labels Nov 13, 2023
@melanger
Copy link
Contributor

It is possible to enroll a webauthn token several times in privacyIDEA. It is not clear, that this error message (object-invalid-state) corresponds bidirectionally with an attempt for a 2nd enrollment.

We first need to verify this.

Can you please provide the error message in Chrome? And also your enrollment policies?

@cornelinux This is related to the enrollment policy webauthn_avoid_double_registration
screenshot

@JiriProkop
Copy link
Author

and this is the error message in Chrome.

Screenshot from 2023-11-20 10-59-54

@nilsbehlen nilsbehlen added this to the 3.11 milestone May 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Enhancement Not a complete new functional component/feature but an enhancement of an already existing feature.
Projects
None yet
Milestone
3.11
Development

Successfully merging a pull request may close this issue.

better error message for webauth token enroll fail JiriProkop/privacyidea-forked
4 participants
@cornelinux @melanger @nilsbehlen @JiriProkop