2FA Recovery is broken
Summary
When 2FA is on and I try to recover my GitLab account (linked to a Google account) using Recovery Codes (because my second factor is lost), I cannot submit the form because of an errant validation error.
Steps to reproduce
- Set up an account on GitLab.com with a Google (gsuite) identity
- Set up 2FA on your account using a smartphone as the second factor
- Break smartphone
- Use Chrome for Mac (Version 79.0.3945.117 (Official Build) (64-bit)), logged in to Chrome as a gsuite user and logged in to gmail as that user:
- Go to https://gitlab.com/users/sign_in
- Under "Sign in with", click "Google" button
- Click on the intended Google identity (you don't have to enter your Google password because you've authenticated before)
- On the next screen, when challenged for the second factor (which was a smartphone/app), enter a Recovery Code instead (the form says you can!). A spurious validation error pops up under the textbox that says "this field is required."
Example Project
This bug happens on GitLab.com
What is the current bug behavior?
When entering a Recovery Code instead of a 2FA code, the form reports a spurious error message: "this field is required" and you cannot submit the form.
What is the expected correct behavior?
I am able to submit the form and recover my account.
Relevant logs and/or screenshots
In this screenshot (which I produced after I worked around my problem), I put in a fake recovery code that isn't even the right length. But when I encountered the issue, I promise you that I copied and pasted a valid Recovery Code right out of the txt file!
[Screenshot: Screen_Shot_2020-01-14_at_5.35.06_PM]
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
This bug happens on GitLab.com
Results of GitLab application Check
This bug happens on GitLab.com
Possible fixes
Work-around: Use the Chrome dev tools to remove the "required" and "inputmode" attributes from the input element, then click the button.
Zendesk Examples (GitLab Internal)
- https://gitlab.zendesk.com/agent/tickets/144088
- https://gitlab.zendesk.com/agent/tickets/144065
- https://gitlab.zendesk.com/agent/tickets/144056
- https://gitlab.zendesk.com/agent/tickets/144092
- https://gitlab.zendesk.com/agent/tickets/143998
- https://gitlab.zendesk.com/agent/tickets/144076
- https://gitlab.zendesk.com/agent/tickets/144083
- https://gitlab.zendesk.com/agent/tickets/143992
- https://gitlab.zendesk.com/agent/tickets/144100
- https://gitlab.zendesk.com/agent/tickets/144128
- https://gitlab.zendesk.com/agent/tickets/144211