"Users must use Two Factor Authentication" setting does not work

[roshanrags]

Description:

As in the title, "Users must use Two Factor Authentication" setting does not work.

Steps to reproduce:

1. Enabled "Users must use Two Factor Authentication" setting on the "user" role.
2. Created new user with "user" role.
3. Able to log in with the new user and do everything without setting up 2FA.
4. Nothing is enforced.

Expected behavior:

1. Server disallows any action till 2FA is set up.
2. When user logs in or refreshes the page, some 2FA related setup flow pops up.

Actual behavior:

Nothing, user can do everything without ever setting up 2FA,

Server Setup Information:

• Version of Rocket.Chat Server: 5.4.0
• Operating System: ubuntu 22.04
• Deployment Method: manual
• Number of Running Instances: 1
• DB Replicaset Oplog: enabled
• NodeJS Version: 14.21.2
• MongoDB Version: 6.0.3

Client Setup Information

Not sure what this means, accessing from browser.

Relevant logs:

Few other issues mention error logs in browser or server, but no error logs seen in this case.

[debdutdeb]

Cannot reproduce onlatest develop.

[roshanrags]

Upgraded to 5.4.2, issue is still there. Let me know what I can do to help debug.

[ulope]

And now it doesn't even matter anymore since versions >6.0 have removed the option to edit roles in the non enterprise version (see #27481, /edit: fixed issue link).

This constant breaking of stuff is so incredibly tiring. We're seriously tempted to suffer the pain of moving to a different chat solution just to not have to deal with this slapdash seat of the pants development model anymore.