Fix console command to disable 2FA for a user #18947

Closed
zipus opened this issue Mar 15, 2022 · 3 comments · Fixed by #19150

zipus commented Mar 15, 2022

When I disable 2FA for my admin user I receive the following traceback:

```
/var/www/html # ./console twofactorauth:disable-2fa-for-user --login="zipus"
ERROR [2022-03-15 21:05:07] 71157  Uncaught exception in API: /var/www/html/core/API/Proxy.php(436): Please specify a value for 'passwordConfirmation'. [Query: , CLI mode: 1]
ERROR [2022-03-15 21:05:07] 71157  Uncaught exception: /var/www/html/core/API/Proxy.php(436): Please specify a value for 'passwordConfirmation'. [Query: , CLI mode: 1]

  [Exception]
  Please specify a value for 'passwordConfirmation'.

twofactorauth:disable-2fa-for-user [--login="..."]

/var/www/html #
```

It's running from

  • Matomo Version: 4.4.1
  • Image: matomo:fpm-alpine
  • Server Operating System: Linux with Docker
@zipus zipus added the Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. label Mar 15, 2022
@sgiehl sgiehl added Regression Indicates a feature used to work in a certain way but it no longer does even though it should. and removed Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. labels Mar 16, 2022

sgiehl commented Mar 16, 2022

Hi @zipus. Thanks for creating this issue. I was able to reproduce that using the latest version. It seems the command for disabling 2FA for a user is currently broken.
The problem seems to be this code:

```php
Request::processRequest('TwoFactorAuth.resetTwoFactorAuth', array(
    'userLogin' => $login
));
```

As the API requires a password confirmation, this can't work. We could possibly use this instead:

```php
StaticContainer::get(TwoFactorAuthentication::class)->disable2FAforUser($login);
```

MeiKatz commented Apr 14, 2022

Is there currently any workaround? Maybe by setting / deleting some values in the database?

@sgiehl sgiehl added the Needs priority decision This issue may need to be added to the current milestone by Product Manager label Apr 14, 2022

sgiehl commented Apr 14, 2022

@MeiKatz clearing the twofactor_secret column in the matomo_user table for the specific user should do the trick I guess.
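
The database workaround suggested above, as an added example (not code from this thread or from Matomo): a guarded version that clears the secret for exactly one login inside a transaction and rolls back on anything unexpected, so a bad `WHERE` clause cannot strip 2FA from other accounts. Assumptions: an in-memory SQLite table stands in for the real database, the `login` column name and the helper names are hypothetical, and the sample rows are constructed.

```python
import sqlite3

def clear_2fa_secret(conn, login):
    """Clear twofactor_secret for one login only; roll back on anything else."""
    cur = conn.cursor()
    try:
        row = cur.execute(
            "SELECT twofactor_secret FROM matomo_user WHERE login = ?", (login,)
        ).fetchone()
        if row is None:
            raise LookupError(f"no user with login {login!r}")
        if not row[0]:
            # Nothing enrolled: leave the row untouched and report that.
            return {"login": login, "had_2fa": False, "rows_changed": 0}
        cur.execute(
            "UPDATE matomo_user SET twofactor_secret = '' WHERE login = ?", (login,)
        )
        if cur.rowcount != 1:
            raise RuntimeError(f"expected 1 row, touched {cur.rowcount}")
        conn.commit()
        return {"login": login, "had_2fa": True, "rows_changed": 1}
    except Exception:
        conn.rollback()
        raise

def users_with_2fa(conn):
    """Logins that still have a 2FA secret, for a before/after comparison."""
    rows = conn.execute(
        "SELECT login FROM matomo_user WHERE twofactor_secret <> '' ORDER BY login"
    )
    return [r[0] for r in rows]

def demo_db():
    """Constructed sample data: two users with 2FA enrolled, one without."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE matomo_user ("
        "login TEXT PRIMARY KEY, twofactor_secret TEXT NOT NULL DEFAULT '')"
    )
    conn.executemany(
        "INSERT INTO matomo_user VALUES (?, ?)",
        [("zipus", "CONSTRUCTEDSECRET1"), ("alice", "CONSTRUCTEDSECRET2"), ("bob", "")],
    )
    conn.commit()
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(clear_2fa_secret(db, "zipus"), users_with_2fa(db))
```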

@justinvelluppillai justinvelluppillai added this to the 4.10.0 milestone Apr 22, 2022
@justinvelluppillai justinvelluppillai removed the Needs priority decision This issue may need to be added to the current milestone by Product Manager label Apr 22, 2022
@sgiehl sgiehl self-assigned this Apr 28, 2022
@justinvelluppillai justinvelluppillai changed the title from "value for passwordConfirmation on disable2fa" to "Fix console command to disable 2FA for a user" May 9, 2022