hexbear
Hexbear Proposals chapo.chat matrix room.
This will be a place for site proposals and discussion before implementation on the site.
Every proposal will also be mirrored into a pinned post on the hexbear community.
Any other ideas for helping to integrate the two spaces are welcome to be commented here or messaged to me directly.
Within Hexbear Proposals you can see the history of all site proposals and react to them, indicating a vote for or against a proposal.
Sending messages will be restricted to verified and active hexbear accounts older than 1 month with their matrix id in their hexbear user profile.
All top-level messages within the channel must be Proposals (ideas for changing the site), Feedback (regarding non-technical aspects of the site; for technical feedback please use https://hexbear.net/c/feedback), or Appeals (regarding admin/moderator actions).
Discussion regarding these will be within nested threads under the post.
To gain matrix verification, all you need to do is navigate to my hexbear user profile and click "send a secure private message", including your hexbear username.
Hi, thank you for reporting this issue! Sorry it's taken a bit to work its way to the relevant people. It should be working now, assuming you are not currently rate limited and you don't require multiple retries to get the 2FA code right.
a little inside baseball
So the issue is, Lemmy doesn't have super granular controls on various API rate limits; there are only like 7 categories but there are many more API endpoints than that. For reasons I cannot fathom, the /login endpoint uses the same rate limit as the /register endpoint (for applying for a new account), which we keep pretty low to prevent registration spam, etc. In addition, 2FA logins require 2 calls to /login, since the first one has to come back with a response telling the page to display the 2FA prompt, and then a second request is sent with the 2FA code.
Long story short, there was recently an attempted "raid" of the site by some trolls, and in preparation the /register rate limit was lowered further than normal, to only 1 per hour. This had the unintended effect of making 2FA logins impossible, and has now been increased. In future our devs may change the login rate limit to not track /register, but for now 2FA should be working again, though if you mis-type the code you may get rate-limited for an hour until a more permanent fix is in place.
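The shared-bucket behaviour described in the comment above, modelled as an added example; it is not part of the original thread and not Lemmy's code. The sliding-window limiter, the `login` bucket with its 10-per-minute limit, the 2-per-hour value (the thread gives no number for the raised limit), the client address and the codes are all constructed assumptions.

```python
from collections import defaultdict, deque

class WindowLimiter:
    """At most `limit` calls per `window` seconds for each (bucket, client)."""
    def __init__(self, limits):
        self.limits = limits              # bucket -> (limit, window_seconds)
        self.calls = defaultdict(deque)   # (bucket, client) -> call timestamps

    def allow(self, bucket, client, now):
        limit, window = self.limits[bucket]
        seen = self.calls[(bucket, client)]
        while seen and now - seen[0] >= window:
            seen.popleft()                # forget calls outside the window
        if len(seen) >= limit:
            return False
        seen.append(now)
        return True

def login_2fa(limiter, routes, client, codes, correct, start=0):
    """First /login call returns the 2FA prompt; each code attempt is another call."""
    bucket = routes["/login"]
    if not limiter.allow(bucket, client, start):
        return "rate_limited_before_prompt"
    for i, code in enumerate(codes, 1):
        if not limiter.allow(bucket, client, start + 5 * i):
            return "rate_limited_at_code"
        if code == correct:
            return "logged_in"
    return "wrong_code"

HOUR = 3600
SHARED = {"/login": "register", "/register": "register"}   # as described in the thread
SPLIT = {"/login": "login", "/register": "register"}       # hypothetical fix

def run_scenarios():
    good, typo = ["123456"], ["000000", "123456"]           # constructed codes
    def attempt(routes, limits, codes):
        return login_2fa(WindowLimiter(limits), routes, "203.0.113.7", codes, "123456")
    return {
        "shared_1_per_hour": attempt(SHARED, {"register": (1, HOUR)}, good),
        # 2/hour is a constructed stand-in for the raised limit
        "shared_2_per_hour": attempt(SHARED, {"register": (2, HOUR)}, good),
        "shared_2_per_hour_typo": attempt(SHARED, {"register": (2, HOUR)}, typo),
        "split_buckets_typo": attempt(
            SPLIT, {"register": (1, HOUR), "login": (10, 60)}, typo),
    }

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

With a shared bucket, the registration-spam limit also sets how many 2FA code attempts a user gets; giving /login its own bucket lets the two be tuned independently.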
awesome! i'm back baby! also, thank you so much for the explanation, makes total sense now