Defect #36814

Can't log in after upgrading to rev. 21486

Added by ChunChang Lo 3 months ago. Updated 3 months ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Resolution:
Affected version:

Description

Hello,

I previously enabled 2fa with Google Authenticator and it worked smoothly.
After upgrading to rev.21486 I can no longer log in with the ga generated code.
The error message is "Invalid or outdated code".
How can I get rid of this?
Is there a way to disable 2fa without logging into Redmine?

thanks.

2022-03-21_20-22-07.png - code shown in GA not accepted by 2fa enabling page (24.9 KB) ChunChang Lo, 2022-03-21 13:23

2022-03-24_11-28-40.png (30.5 KB) ChunChang Lo, 2022-03-24 04:30

History

#1 Updated by Go MAEDA 3 months ago

I cannot reproduce the issue for now.

You can forcefully disable two-factor authentication if you can access the console of your Redmine server. Please follow the steps below:

Go to the installation directory of Redmine and start a Rails console.

cd path/to/redmine
bin/rails c -e production

Enter the following lines in the Rails console. The example below disables two-factor authentication for the user 'jsmith'.

user = User.find_by(login: 'jsmith')
require 'redmine/twofa/base'
twofa = Redmine::Twofa::Base.new(user)
twofa.destroy_pairing_without_verify!
exit

#2 Updated by ChunChang Lo 3 months ago

Hello,

The code snippet works.

After disabling 2fa authentication for my account, it asks me to set it up again.
(I enabled this option for administrators when I tried to translate label_required_administrators, see #36606).

After I scanned the QR code in Google Authenticator and entered the code shown in GA, it won't accept the code.
So, it seems that I need to disable this setting too.

Thanks in advance.


#3 Updated by ChunChang Lo 3 months ago

Hi,

I figured it out.

$ mysql -u myredmineuser -p
Enter password: myredminepassword
MariaDB [(none)]> use redmine
MariaDB [redmine]> update settings set value = 0 where name = 'twofa';

I can log in to my Redmine site again. :)

It is very strange that the 2fa setting page won't accept any code from Google Authenticator & Authy.

#4 Updated by Go MAEDA 3 months ago

ChunChang Lo wrote:

It is very strange that the 2fa setting page won't accept any code from Google Authenticator & Authy.

Are the clocks of your devices correct?

#5 Updated by ChunChang Lo 3 months ago

Go MAEDA wrote:

Are the clocks of your devices correct?

Yes, the system time (iPhone & PC) is the same (NTP to the same timezone, Taipei UTC+8).

Just tried again, and both Google Authenticator & Authy failed (the 2fa settings page doesn't accept codes from the app).

The error message is the same as '2022-03-21_20-22-07.png'.

BTW, the Redmine server uses UTC & all admin accounts use Taipei UTC+8 in the account's preferences.
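Added example, not part of the thread and not Redmine's own code: a standard-library Ruby implementation of RFC 6238 TOTP for checking a rejected code against the server's clock. Only Unix epoch seconds enter the calculation, so time zone settings have no effect, while a clock offset changes the code; the secret is the RFC 6238 test key, and the function names and the ±10 step search window are assumptions of this example.

```ruby
require 'openssl'

B32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

# Decode the Base32 (RFC 4648) secret that authenticator apps read from the QR code.
def base32_decode(str)
  bits = str.upcase.delete('= ').each_char.map do |c|
    idx = B32_ALPHABET.index(c) or raise ArgumentError, "bad base32 char #{c.inspect}"
    idx.to_s(2).rjust(5, '0')
  end.join
  [bits[0, bits.size / 8 * 8]].pack('B*')
end

# RFC 6238 TOTP with the defaults authenticator apps use: HMAC-SHA1, 6 digits, 30 s step.
# `epoch` is seconds since 1970-01-01 UTC; no time zone is involved anywhere.
def totp(secret_b32, epoch, step: 30, digits: 6)
  counter = [epoch / step].pack('Q>')                 # 64-bit big-endian step counter
  mac = OpenSSL::HMAC.digest('SHA1', base32_decode(secret_b32), counter)
  offset = mac[-1].ord & 0x0f                         # dynamic truncation (RFC 4226)
  value = mac[offset, 4].unpack1('N') & 0x7fffffff
  format("%0#{digits}d", value % 10**digits)
end

# Diagnostic: at how many 30 s steps from the server clock does `code` become valid?
# Returns 0 if the clocks agree, e.g. 3 if the device runs about 90 s ahead,
# or nil if nothing within +/- window steps matches (wrong secret rather than clock skew).
# Not a verifier: a real check compares in constant time and rejects reused codes.
def matching_step_offset(secret_b32, code, server_epoch, window: 10, step: 30)
  (-window..window).sort_by(&:abs).find do |k|
    totp(secret_b32, server_epoch + k * step, step: step) == code
  end
end

# Constructed sample input: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'.freeze

if $PROGRAM_NAME == __FILE__
  now = Time.now.to_i
  puts "server epoch #{now}, expected code #{totp(SAMPLE_SECRET, now)}"
  puts "offset for a code from a device 90 s ahead: " \
       "#{matching_step_offset(SAMPLE_SECRET, totp(SAMPLE_SECRET, now + 90), now)}"
end
```

A nil result with the account's real secret points away from clock skew and toward a secret or server-side verification problem.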

#6 Updated by ChunChang Lo 3 months ago

Strangely, 2fa can be enabled again after updating to rev.21497.
