Can't log in after upgrading to rev. 21486
|Resolution:||Cant reproduce||Affected version:|
I previously enabled 2fa with Google Authenticator and it worked smoothly.
After upgrading to rev.21486 I can no longer log in with the ga generated code.
The error message is "Invalid or outdated code".
How can I get rid of this?
Is there a way to disable 2fa without logging into Redmine?
I cannot reproduce the issue for now.
You can forcefully disable two-factor authentication if you can access the console of your Redmine server. Please follow the steps below:
Go to the installation directory of Redmine and start a Rails console.
cd path/to/redmine
bin/rails c -e production
Enter the following lines in the Rails console. The example below disables two-factor authentication for the user 'jsmith'.
user = User.find_by(login: 'jsmith')
require 'redmine/twofa/base'
twofa = Redmine::Twofa::Base.new(user)
twofa.destroy_pairing_without_verify!
exit
#2 Updated by ChunChang Lo 9 months ago
- File 2022-03-21_20-22-07.png added
The code snippet works.
After disabling 2fa authentication for my account, it asks me to set it up again.
(I enabled this option for administrators when I tried to translate label_required_administrators, see #36606).
After I scanned the QR code in Google Authenticator and entered the code shown in GA, it won't accept the code.
So, it seems that I need to disable this setting too.
Thanks in advance.
#3 Updated by ChunChang Lo 9 months ago
I figured it out.
$ mysql -u myredmineuser -p
Enter password: myredminepassword
MariaDB [(none)]> use redmine
MariaDB [redmine]> update settings set value = 0 where name = 'twofa';
I can log in to my Redmine site again. :)
It is very strange that the 2fa setting page won't accept any code from Google Authenticator & Authy.
#5 Updated by ChunChang Lo 9 months ago
Go MAEDA wrote:
Are the clocks of your devices correct?
Yes, the system time (iPhone & PC) is the same. (NTP to the same timezone, Taipei UTC+8).
Just tried again, and both Google Authenticator & Authy failed (the 2fa settings page doesn't accept codes from the app).
The error message is the same as '2022-03-21_20-22-07.png'.
BTW, the Redmine server uses UTC & all admin accounts use Taipei UTC+8 in the account's preferences.
#8 Updated by Jan Catrysse 5 months ago
It seems I have the same issue, I am on 4.2.3-stable.
I never had any issues, and now it seems people can no longer activate 2FA: Code is invalid or outdated.
I observe it DOES work when 2FA is optional and users are using the account settings. If 2FA is required, and users get the forced 2FA prompt, it doesn't work.
I also notice, it does seem to work on my test environment (other servers, same Redmine version). ROTP gem is 6.2.0, other gems are the same version.
Both servers are on CEST and time synced. (Could DST play a role? We activated most accounts before summer time)
Could someone point me in a direction?
#9 Updated by Jan Catrysse 5 months ago
The behavior on production seems to be the same for manual or forced 2FA activation.
This morning, multiple users were unable to activate 2FA, and now it only blocks from time to time.
This resembles a time sync issue... but all devices / servers are synchronized perfectly. Timezone is CEST (Belgium)
I tried again on my test environment, same behavior. The code is not working from time to time... but independently of the moment I use the code (beginning, middle or end of the 30 second timeframe)
Could this be a Google Authenticator issue?
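An added example, not part of the thread and not Redmine or ROTP code: a plain RFC 6238 TOTP calculation in Ruby that reports at which 30-second step offset a submitted code matches the server clock, which is the check the clock, time zone and DST questions above come down to. It assumes SHA-1, 6 digits and 30-second steps, a raw (base32-decoded) secret, and the RFC 6238 test key as constructed sample input; `matching_step` is a hypothetical helper name.

```ruby
require 'openssl'

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by Google Authenticator and Authy

# RFC 4226 HOTP for a raw (already base32-decoded) key and a counter.
def hotp(key, counter)
  mac = OpenSSL::HMAC.digest('SHA1', key, [counter].pack('Q>'))
  offset = mac.getbyte(19) & 0x0f                        # dynamic truncation
  value = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  format("%0#{DIGITS}d", value % 10**DIGITS)
end

# TOTP for a Time or integer timestamp. Only seconds since the Unix epoch
# enter the calculation, so time zone and DST settings cannot change the code.
def totp(key, time)
  hotp(key, time.to_i / STEP)
end

# Diagnostic helper (hypothetical name): step offset at which `code` matches,
# searching 0, +1, -1, +2, ... up to max_steps; nil if nothing matches.
# A positive offset means the code belongs to a later step than the server's
# current one (authenticator clock ahead of the server). Uses ==, which is
# fine for a console diagnostic; a login path should compare in constant time.
def matching_step(key, code, server_time, max_steps = 10)
  (0..max_steps).flat_map { |n| n.zero? ? [0] : [n, -n] }.find do |off|
    totp(key, server_time.to_i + off * STEP) == code
  end
end

if __FILE__ == $PROGRAM_NAME
  key = '12345678901234567890'          # RFC 6238 test key, constructed input
  server = Time.at(1_111_111_109).utc   # server clock, 29 s into its step
  device = Time.at(1_111_111_111).getlocal('+08:00')  # 2 s later, UTC+8
  code = totp(key, device)
  puts "device code: #{code}"
  puts "server code: #{totp(key, server)}"
  puts "matches at step offset: #{matching_step(key, code, server).inspect}"
end
```

In the sample, a two-second difference straddles a step boundary, so the device code only matches at offset +1. A `nil` result within the search window means either a larger skew or a secret or parameter mismatch.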