-
David Rodríguez authored
If a command requires two MFA authenticated requests, and webauthn is enabled, then first one will succeed but the second one will fail because it tries to reuse the OTP code from the first request and that does not work. This happens when you have not yet logged in to rubygems.org, or when you have an API key with invalid scopes for the current operation. In that case, we need: * An API request to get a token or change scopes for the one that you have. * Another API request to perform the actual operation. Instead of trying to reuse the token, make sure it's cleared so we are asked to authenticate again. We only do this when webauthn is enabled because reusing TOPT tokens otherwise is allowed and I don't want to break that. https://github.com/rubygems/rubygems/commit/669e343935
David Rodríguez authoredIf a command requires two MFA authenticated requests, and webauthn is enabled, then first one will succeed but the second one will fail because it tries to reuse the OTP code from the first request and that does not work. This happens when you have not yet logged in to rubygems.org, or when you have an API key with invalid scopes for the current operation. In that case, we need: * An API request to get a token or change scopes for the one that you have. * Another API request to perform the actual operation. Instead of trying to reuse the token, make sure it's cleared so we are asked to authenticate again. We only do this when webauthn is enabled because reusing TOPT tokens otherwise is allowed and I don't want to break that. https://github.com/rubygems/rubygems/commit/669e343935
Loading