@paladox opened this Issue on December 14th 2018

Hi, we checked out "3.8.0-b4" for the new 2fa feature. (since we tried out the plugin but needed to disable it for a account which core had support for). But since upgrading to 3.8.0-b4 users cannot disable it from their account if they previously have done that or new users cannot enable it on their account.

When we get to the enter password to confirm prompt it fails afterwards with "Could not verify the security token on this form."

@tsteur commented on December 15th 2018 Member

Where exactly does this happen? Is this when setting 2FA up or when trying to log in? Might be related to DB sessions being used now.

@paladox commented on December 15th 2018

We seemed to got this working. Existing users who used the 2fa plugin (before we upgraded to the beta that included the 2fa) had this problem. We ran the console that disables 2fa for that user and then it worked.

@tsteur commented on December 16th 2018 Member

Thanks. Could you maybe let us know where this problem happened? Also do you remember if you executed the update through the UI or the command console?

@paladox commented on December 16th 2018

The problem seemed to happen when we installed the 2fa plugin. Then we upgraded to the 3.8 beta after noticing that it supported 2fa natively. (we needed to unlock someones account with the 2fa console command). This affected https://matomo.miraheze.org but seems to work now :).

We updated from 3.7 to 3.8 beta from doing git checkout <3.8 beta branch> (and then the db update through the ui), and the console command we ran to fix it was ./console twofactorauth:disable-2fa-for-user --login=user

@tsteur commented on December 16th 2018 Member

Thanks for letting us know 👍 I'll close the issue for now and will reopen and investigate further if someone else experiences this problem.

This Issue was closed on December 16th 2018
Powered by GitHub Issue Mirror