twofactor_totp
After upgrade disable/enable 2fa generates a new code
Steps to reproduce
- Upgrade to 11.0.1
- Log in after session timeout
Expected behaviour
After entering code I should be able to login
Actual behaviour
TOTP (Google Authenticator) Swedish error message "Fel vid verifiering av tvåfaktorsautentisering." New prompt to add Authentication code
After using a backup code I was able to login. Disabling 2fa let me login again. When I re-enable it a new key is generated.
This behaviour did not occur before the upgrade. I have had some issues with OPDS not working with app passwords, so I have disabled and then re-enabled 2fa several times before.
Server configuration
Operating system: Ubuntu 16.04.1 LTS
Web server: Apache 2.4.18
Database: mysql-server-core-5.7.16
PHP version: 7.0.13
Nextcloud version: (see Nextcloud admin page) 11.0.1
Updated from an older Nextcloud/ownCloud or fresh install: Update
> When I re-enable it a new key is generated.
This is expected.
Did you change any of your config values in config/config.php?
I would argue that it is not expected that a new key is generated by ticking a checkbox. To me the checkbox only enables or disables the functionality. Before a new key is generated I would expect to make a confirmation of the change.
I did not change the config before getting this behaviour. However the version number was changed by the updater during the upgrade.
The same here, but we don't have a backup code...
TOTP (Google Authenticator) Bitte authentifizieren Sie sich mit dem ausgewählten zweiten Faktor. Es ist ein Fehler bei der Verifizierung des Tokens aufgetreten
TOTP (Google Authenticator) Please authenticate with the selected second factor. An error occurred while verifying the token
This is strange. So it happened like
- install twofactor_totp on Nextcloud 10
- use TOTP 2FA successfully
- update to NC11 -> TOTP stops working
- re-generate TOTP secret and re-configure smartphone app
- TOTP works again
right?
Yes.
But also
- Uncheck "Activate TOTP"
- Check "Activate TOTP"
- New code is generated.
To me this is completely broken. There is no information that things will change when I tick the check box. There is no confirmation to inform me that a change has taken place.
After activating a code is displayed, but there is no information to tell me that this code is a new one and not my previous code.
If I untick the checkbox by mistake and then tick it again my login will be broken without any confirmation or information about this change.
Correct behaviour should be that the information is retained. When I re-enable TOTP I should be given the choice to generate a new code.
Nothing should be changed without either a confirmation dialogue or a save button.
> If I untick the checkbox by mistake and then tick it again my login will be broken without any confirmation or information about this change.
True. There are two things we can do to prevent this. First, password confirmation which we implemented already. Second, we should show a hint/warning.
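The behaviour requested in this thread (keep the enrolled secret across an untick/tick, rotate it only on explicit confirmation), as an added example that is not taken from the twofactor_totp code base. `TotpSetting`, `enable(regenerate=...)` and `demo` are hypothetical names; the code computation follows RFC 6238 with HMAC-SHA1.

```python
import base64, hashlib, hmac, secrets, struct

def totp(secret_b32, now, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the variant authenticator apps use by default."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32, code, now, window=1, step=30):
    """Accept codes from adjacent time steps; compare in constant time."""
    return any(hmac.compare_digest(totp(secret_b32, now + d * step, step), code)
               for d in range(-window, window + 1))

class TotpSetting:
    """Hypothetical per-user setting, not the twofactor_totp data model."""
    def __init__(self):
        self.secret = None
        self.enabled = False

    def enable(self, regenerate=False):
        # Assumed policy: keep the enrolled secret unless the user explicitly
        # confirms regeneration. Returns True when the secret changed, so the
        # UI can warn that the authenticator app must be re-enrolled.
        changed = self.secret is None or regenerate
        if changed:
            self.secret = base64.b32encode(secrets.token_bytes(20)).decode()
        self.enabled = True
        return changed

    def disable(self):
        self.enabled = False                     # secret is retained, not deleted

def demo(now=1_700_000_000):
    s = TotpSetting()
    s.enable()
    phone_secret = s.secret                      # what the phone app stored
    s.disable()
    changed = s.enable()                         # accidental untick/tick
    ok_after_toggle = verify(s.secret, totp(phone_secret, now), now)
    rotated = s.enable(regenerate=True)          # explicit, confirmed rotation
    ok_after_rotate = verify(s.secret, totp(phone_secret, now), now)
    return changed, ok_after_toggle, rotated, ok_after_rotate

if __name__ == "__main__":
    print(demo())
```
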
Hi @ChristophWurst, this just happened to me: upgraded 11.0.2 to 11.0.3. During login it didn't ask me for 2FA, just login and password. After re-enabling the 2FA app it works fine: login+password, then 2FA.
Hi @SkyWheel,
your problem seems unrelated. What you described sounds like the issue of apps being disabled when performing an upgrade of the Nextcloud server. AFAIK this won't happen on php7.0 and newer.
Hi @ChristophWurst, I have PHP 7.0.18. But you are right, it's a Nextcloud issue, not a particular app issue. And it will be fixed in Nextcloud 12 as per twit