<p>Redmine - Defect #36814: Can't login in after upgrading to rev. 21486 (https://www.redmine.org/issues/36814)</p>
<p>Go MAEDA, 2022-03-21T11:53:12Z (https://www.redmine.org/issues/36814?journal_id=106061):</p>
<p>I cannot reproduce the issue for now.</p>
<p>You can forcefully disable two-factor authentication if you can access the console of your Redmine server. Please follow the steps below:</p>
<p>Go to the installation directory of Redmine and start a Rails console.<br /><pre>
cd path/to/redmine
bin/rails c -e production
</pre></p>
<p>Enter the following lines in the Rails console. The example below disables two-factor authentication for the user 'jsmith'.<br /><pre>
user = User.find_by(login: 'jsmith')
require 'redmine/twofa/base'
twofa = Redmine::Twofa::Base.new(user)
twofa.destroy_pairing_without_verify!
exit
</pre></p>
<p>ChunChang (Nagaharu) Lo, 2022-03-21T12:34:10Z (https://www.redmine.org/issues/36814?journal_id=106063):</p>
<ul><li><strong>File</strong> <a href="/attachments/28979">2022-03-21_20-22-07.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/28979/2022-03-21_20-22-07.png">2022-03-21_20-22-07.png</a> added</li></ul><p>Hello,</p>
<p>The code snippet works.</p>
<p>After disabling 2fa authentication for my account, it asks me to set it up again.<br />(I enabled this option for administrators when I tried to translate label_required_administrators, see <a class="issue tracker-3 status-5 priority-4 priority-default closed" title="Patch: Traditional Chinese translation (to r21403) (Closed)" href="https://www.redmine.org/issues/36606">#36606</a>).</p>
<p>After I scanned the QR code in Google Authenticator and entered the code shown in GA, it won't accept the code.<br />So, it seems that I need to disable this setting too.</p>
<p>Thanks in advance.</p>
<p><img src="https://www.redmine.org/attachments/download/28979/2022-03-21_20-22-07.png" title="code shown in GA not accepted by 2fa enabling page" alt="code shown in GA not accepted by 2fa enabling page" /></p>
<p>ChunChang (Nagaharu) Lo, 2022-03-21T13:07:51Z (https://www.redmine.org/issues/36814?journal_id=106064):</p>
<p>Hi,</p>
<p>I figured it out.</p>
<pre>
$ mysql -u myredmineuser -p
Enter password: myredminepassword
MariaDB [(none)]> use redmine
MariaDB [redmine]> update settings set value = 0 where name = 'twofa';
</pre>
<p>I can login to my Redmine site again. :)</p>
<p>It is very strange that the 2fa setting page won't accept any code from Google Authenticator & Authy.</p>
<p>Go MAEDA, 2022-03-22T04:31:31Z (https://www.redmine.org/issues/36814?journal_id=106082):</p>
<p>ChunChang Lo wrote:</p>
<blockquote>
<p>It is very strange that the 2fa setting page won't accept any code from Google Authenticator & Authy.</p>
</blockquote>
<p>Are the clocks of your devices correct?</p>
<p>ChunChang (Nagaharu) Lo, 2022-03-22T06:09:13Z (https://www.redmine.org/issues/36814?journal_id=106083):</p>
<p>Go MAEDA wrote:</p>
<blockquote>
<p>Are the clocks of your devices correct?</p>
</blockquote>
<p>Yes, the system time (iPhone & PC) is the same. (NTP to the same timezone, Taipei UTC+8).</p>
<p>Just tried again, and both Google Authenticator & Authy failed (the 2fa settings page doesn't accept codes from the app).</p>
<p>The error message is the same as '2022-03-21_20-22-07.png'.</p>
<p>BTW, the Redmine server uses UTC & all admin accounts use Taipei UTC+8 in the account's preferences.</p>
<p>ChunChang (Nagaharu) Lo, 2022-03-24T03:32:27Z (https://www.redmine.org/issues/36814?journal_id=106129):</p>
<ul><li><strong>File</strong> <a href="/attachments/29003">2022-03-24_11-28-40.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/29003/2022-03-24_11-28-40.png">2022-03-24_11-28-40.png</a> added</li></ul><p>Strangely, 2fa can be enabled again after updating to rev.21497.</p>
<p><img src="https://www.redmine.org/attachments/download/29003/2022-03-24_11-28-40.png" alt="" /></p>
<p>Go MAEDA, 2022-07-04T13:30:13Z (https://www.redmine.org/issues/36814?journal_id=107220):</p>
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Resolution</strong> set to <i>Cant reproduce</i></li></ul>
<p>Jan Catrysse, 2022-07-18T09:54:54Z (https://www.redmine.org/issues/36814?journal_id=107343):</p>
<p>It seems I have the same issue, I am on 4.2.3-stable.</p>
<p>I never had any issues, and now it seems people can no longer activate 2FA: Code is invalid or outdated.</p>
<p>I observe it DOES work when 2FA is optional and users are using the account settings. If 2FA is required, and users get the forced 2FA prompt, it doesn't work.</p>
<p>I also notice, it does seem to work on my test environment (other servers, same Redmine version). ROTP gem is 6.2.0, other gems are the same version.<br />Both servers are on CEST and time synced. (Could DST play a role? We activated most accounts before summer time)</p>
<p>Could someone point me in a direction?</p>
<p>Jan Catrysse, 2022-07-18T10:28:15Z (https://www.redmine.org/issues/36814?journal_id=107344):</p>
<p>Correction:<br />The behavior on production seems to be the same for manual or forced 2FA activation.</p>
<p>This morning, multiple users were unable to activate 2FA, and now it only blocks from time to time.<br />This resembles a time sync issue... but all devices / servers are synchronized perfectly. Timezone is CEST (Belgium)</p>
<p>I tried again on my test environment, same behavior. The code is not working from time to time... but independently of the moment I use the code (beginning, middle or end of the 30 second timeframe)</p>
<p>Could this be a Google Authenticator issue?</p>
<p>Jangwon Han, 2022-11-19T20:02:52Z (https://www.redmine.org/issues/36814?journal_id=108566):</p>
<ul><li><strong>File</strong> <a href="/attachments/29928">2fa.PNG</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/29928/2fa.PNG">2fa.PNG</a> added</li></ul><p>Looks like reusing the 2fa scheme is causing the issue.<br />I made a change like below to resolve the issue. (redmine/app/controllers/application_controller.rb)</p>
<p><img src="https://www.redmine.org/attachments/download/29929/2fa2.PNG" alt="" /></p>
<p>Please make sure that you reboot your redmine server after the change.</p>
<p>Thanks.</p>
<p>Jangwon Han, 2022-11-19T20:19:28Z (https://www.redmine.org/issues/36814?journal_id=108567):</p>
<ul><li><strong>File</strong> <a href="/attachments/29929">2fa2.PNG</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/29929/2fa2.PNG">2fa2.PNG</a> added</li></ul>
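<p>Added example (not part of the thread, and not Redmine's or the ROTP gem's code): a minimal RFC 6238 TOTP check using only Ruby's standard library, relevant to the clock, time zone and DST questions raised above. It shows that the code depends on Unix epoch seconds, so a UTC server and a UTC+8 client agree, while real clock skew beyond the accepted window yields a rejection. The function names, the one-step drift window and the sample timestamps are assumptions; the secret is the RFC 6238 test key.</p>

```ruby
require 'openssl'

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
def hotp(secret, counter, digits = 6)
  mac = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>'))
  offset = mac.getbyte(19) & 0x0f
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  format("%0#{digits}d", code % (10**digits))
end

# RFC 6238 TOTP: the counter is the number of whole 30-second steps since the Unix epoch.
# Epoch seconds are identical in every time zone, so zone settings and DST do not enter.
def totp(secret, epoch, step = 30)
  hotp(secret, epoch.to_i / step)
end

# Hypothetical verifier: accept a code matching any step within +/- drift_steps of the
# server clock. Returns the matching step offset, or nil ("invalid or outdated").
def verify_totp(secret, code, server_epoch, drift_steps: 1, step: 30)
  counter = server_epoch.to_i / step
  (-drift_steps..drift_steps).find { |d| hotp(secret, counter + d) == code }
end

# Constructed sample values: RFC 6238 test key and one of its test timestamps.
SECRET = '12345678901234567890'
SERVER_EPOCH = 1_111_111_109

# The same instant written as server time (UTC) and as user time (Taipei, UTC+8).
def same_instant_two_zones
  utc    = Time.utc(2022, 3, 21, 12, 0, 0)
  taipei = Time.new(2022, 3, 21, 20, 0, 0, '+08:00')
  [totp(SECRET, utc), totp(SECRET, taipei)]
end

if __FILE__ == $PROGRAM_NAME
  puts "UTC vs UTC+8 codes: #{same_instant_two_zones.inspect}"
  [0, 30, 90].each do |skew|
    phone_code = totp(SECRET, SERVER_EPOCH - skew) # phone clock is `skew` seconds slow
    result = verify_totp(SECRET, phone_code, SERVER_EPOCH)
    puts "phone #{skew}s slow -> #{result.nil? ? 'rejected' : "accepted (step #{result})"}"
  end
end
```

<p>A production verifier should also compare codes in constant time and refuse a code that was already used in the same step.</p>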