
"User is in a two-factor authentication process" exception picked up by sentry

Open kov-lucas opened this issue 1 year ago • 2 comments

Bundle version: 7.5.0
Symfony version: 6.4.9
PHP version: 8.3.7

Description

We are using Sentry and scheb/2fa.

We noticed that Sentry is picking up an exception "User is in a two-factor authentication process.", and we are not sure why, but it seems to happen quite often. Is this an implementation error? Sentry picking up something it shouldn't? What's the purpose of this exception?

kov-lucas avatar Jul 30 '24 12:07 kov-lucas

This is an AccessDeniedException that is raised by the bundle whenever someone tries to access a protected route, while they're still in the process of entering the 2fa code.

See: https://github.com/scheb/2fa/blob/642dbafe8c6aca8390fb4b45e8ed634c2e3d9567/src/bundle/Security/Http/Firewall/TwoFactorAccessListener.php#L58

scheb avatar Aug 10 '24 07:08 scheb

Doing a quick test, in such a case, I'm being redirected to set the verification code, so why is there also an exception?

Wouldn't a return; make more sense?

kov-lucas avatar Aug 12 '24 06:08 kov-lucas

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Sep 03 '24 03:09 stale[bot]

I still need an answer here 😅

kov-lucas avatar Sep 11 '24 08:09 kov-lucas

Same issue found in Sentry for me also. In fact, the user is on the 2FA page for verification. And strangely enough, the user is not able to log in or register from certain devices/browsers/OS. On form submit, it redirects back to the login/register page. Could also be related to load balancers, as I have multiple VMs. Though I have sticky sessions with IP set (and I store sessions in a MySQL database).

hardiksinh avatar Dec 13 '24 16:12 hardiksinh

We solved it by ignoring the exception in Sentry, by doing the following in sentry.yaml; I do still believe the exception shouldn't be there.

when@prod:
    sentry:
        dsn: '%env(SENTRY_DSN)%'
        options:
            before_send: 'sentry.callback.before_send'
            ignore_exceptions:
                - 'Symfony\Component\Security\Core\Exception\AccessDeniedException'

kov-lucas avatar Dec 16 '24 09:12 kov-lucas
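
A narrower alternative to the `ignore_exceptions` entry above, as an added example that is not part of the thread or of scheb/2fa: listing the whole `AccessDeniedException` class also drops every other access-denied event from Sentry, so this `before_send` callback drops only the event whose message is the one quoted in the issue. The class name `App\Sentry\BeforeSend` and the service wiring in the comment are assumptions; the `ignore_exceptions` entry would be removed when using it.

```php
<?php
// Added example, not code from the thread or from scheb/2fa.
// App\Sentry\BeforeSend is a hypothetical class name.
//
// Assumed services.yaml wiring for the id already referenced in sentry.yaml:
//   sentry.callback.before_send:
//       class: App\Sentry\BeforeSend
//       factory: ['@App\Sentry\BeforeSend', 'getBeforeSend']
declare(strict_types=1);

namespace App\Sentry;

use Sentry\Event;
use Sentry\EventHint;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

final class BeforeSend
{
    // Message text as quoted in the issue; assumed stable across bundle versions.
    private const TWO_FACTOR_MESSAGE = 'User is in a two-factor authentication process.';

    /** Returns the callable that the before_send option resolves to. */
    public function getBeforeSend(): callable
    {
        return static function (Event $event, ?EventHint $hint): ?Event {
            $exception = $hint?->exception;

            return $exception !== null && self::isTwoFactorInProgress($exception)
                ? null    // drop only the 2FA-in-progress event
                : $event; // every other AccessDeniedException is still reported
        };
    }

    /** Walks the "previous" chain so a wrapped exception is matched as well. */
    public static function isTwoFactorInProgress(\Throwable $exception): bool
    {
        for ($e = $exception; $e !== null; $e = $e->getPrevious()) {
            if ($e instanceof AccessDeniedException
                && $e->getMessage() === self::TWO_FACTOR_MESSAGE) {
                return true;
            }
        }

        return false;
    }
}
```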