Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trying to enable/disable 2fa fails with "security token" error #13863

Closed
paladox opened this issue Dec 14, 2018 · 5 comments
Closed

Trying to enable/disable 2fa fails with "security token" error #13863

paladox opened this issue Dec 14, 2018 · 5 comments
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@paladox
Copy link
Contributor

paladox commented Dec 14, 2018

Hi, we checked out "3.8.0-b4" for the new 2fa feature. (since we tried out the plugin but needed to disable it for a account which core had support for). But since upgrading to 3.8.0-b4 users cannot disable it from their account if they previously have done that or new users cannot enable it on their account.

When we get to the enter password to confirm prompt it fails afterwards with "Could not verify the security token on this form."

@tsteur
Copy link
Member

tsteur commented Dec 15, 2018

Where exactly does this happen? Is this when setting 2FA up or when trying to log in? Might be related to DB sessions being used now.

@paladox
Copy link
Contributor Author

paladox commented Dec 15, 2018

We seemed to got this working. Existing users who used the 2fa plugin (before we upgraded to the beta that included the 2fa) had this problem. We ran the console that disables 2fa for that user and then it worked.

@tsteur
Copy link
Member

tsteur commented Dec 16, 2018

Thanks. Could you maybe let us know where this problem happened? Also do you remember if you executed the update through the UI or the command console?

@paladox
Copy link
Contributor Author

paladox commented Dec 16, 2018

The problem seemed to happen when we installed the 2fa plugin. Then we upgraded to the 3.8 beta after noticing that it supported 2fa natively. (we needed to unlock someones account with the 2fa console command). This affected https://matomo.miraheze.org but seems to work now :).

We updated from 3.7 to 3.8 beta from doing git checkout <3.8 beta branch> (and then the db update through the ui), and the console command we ran to fix it was ./console twofactorauth:disable-2fa-for-user --login=user

@tsteur
Copy link
Member

tsteur commented Dec 16, 2018

Thanks for letting us know 👍 I'll close the issue for now and will reopen and investigate further if someone else experiences this problem.

@tsteur tsteur closed this as completed Dec 16, 2018
@tsteur tsteur added the answered For when a question was asked and we referred to forum or answered it. label Dec 16, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
answered For when a question was asked and we referred to forum or answered it.
Projects
None yet
Development

No branches or pull requests

2 participants