-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better error message for users - enrolling the same webauth token twice #3807
Comments
Thank you for filing an issue and sharing your observations or ideas. Please be sure to provide as much information as possible to help us to work on this issue. |
It is possible to enroll a webauthn token several times in privacyIDEA. We first need to verify this. @JiriProkop Can you please provide the error message in Chrome? And also your enrollment policies? |
@cornelinux This is related to the |
Is your feature request related to a problem? Please describe.
When you try to enroll the same token for webauth twice on the same account, different error is shown in Firefox and Chrome. The Chrome one is clear and easy to understand(for users) but the Firefox one is not. The Firefox message: 'The object is in an invalid state. / An attempt was made to use an object that is not, or is no longer, usable'.
Describe the solution you'd like
Unified and easy to understand error message so that users know the most probable source of the error. Optimally with the possibility of translation.
From what I understand this error is generated in browser / something browser related so this would basically mean to not display the error message from browser but replace it with some static one - so it is unified and can be translated.
Additional idea
When this happens the 'new' rejected token is not removed but remains in clientwait state. So for example when you try to enroll the same token 10 times, the 1st passes and the remaining 9 requests stay in clientwait state.
Maybe it wouln't be a bad idea to remove that request token when it is rejected in enrolling.
Additional context
Firefox error message:
Hanging enroll requests after multiple attempts to enroll the same token:
If sensible use a checklist to check, which requirements have been covered by your implementation!
Optional:
Implementation
Describe your implementation plans - what you are exactly going to implement. Use references/link to the existing code
https://github.com/privacyidea/privacyidea/blob/a0336fc4559d93925ea8fe03abdf578035e2bf22/privacyidea/static/components/login/factories/webauthn.js#L58C37-L58C37
On line 58 change e.message with something like: 'Error when enrolling - you are probably trying to enroll the same token twice.'
this would replace the 'e.message':
The text was updated successfully, but these errors were encountered: