Hi, we checked out "3.8.0-b4" for the new 2fa feature. (since we tried out the plugin but needed to disable it for a account which core had support for). But since upgrading to 3.8.0-b4 users cannot disable it from their account if they previously have done that or new users cannot enable it on their account.
When we get to the enter password to confirm prompt it fails afterwards with "Could not verify the security token on this form."
Where exactly does this happen? Is this when setting 2FA up or when trying to log in? Might be related to DB sessions being used now.
We seemed to got this working. Existing users who used the 2fa plugin (before we upgraded to the beta that included the 2fa) had this problem. We ran the console that disables 2fa for that user and then it worked.
Thanks. Could you maybe let us know where this problem happened? Also do you remember if you executed the update through the UI or the command console?
The problem seemed to happen when we installed the 2fa plugin. Then we upgraded to the 3.8 beta after noticing that it supported 2fa natively. (we needed to unlock someones account with the 2fa console command). This affected https://matomo.miraheze.org but seems to work now :).
We updated from 3.7 to 3.8 beta from doing git checkout <3.8 beta branch> (and then the db update through the ui), and the console command we ran to fix it was
./console twofactorauth:disable-2fa-for-user --login=user
Thanks for letting us know 👍 I'll close the issue for now and will reopen and investigate further if someone else experiences this problem.