RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

"Users must use Two Factor Authentication" setting does not work #27592

Open roshanr95 opened 1 year ago

roshanr95 commented 1 year ago

Description:

As in the title, "Users must use Two Factor Authentication" setting does not work.

Steps to reproduce:

  1. Enabled "Users must use Two Factor Authentication" setting on the "user" role.
  2. Created new user with "user" role.
  3. Able to log in with the new user and do everything without setting up 2FA.
  4. Nothing is enforced.

Expected behavior:

  1. Server disallows any action till 2FA is set up.
  2. When user logs in or refreshes the page, some 2FA related setup flow pops up.

Actual behavior:

Nothing, user can do everything without ever setting up 2FA.

Server Setup Information:

Client Setup Information:

Not sure what this means, accessing from browser.

Relevant logs:

Few other issues mention error logs in browser or server, but no error logs seen in this case.

debdutdeb commented 1 year ago

Cannot reproduce on latest develop.

roshanr95 commented 1 year ago

Upgraded to 5.4.2, issue is still there. Let me know what I can do to help debug.

ulope commented 1 year ago

And now it doesn't even matter anymore since versions >6.0 have removed the option to edit roles in the non-enterprise version (see #27481, /edit: fixed issue link).

This constant breaking of stuff is so incredibly tiring. We're seriously tempted to suffer the pain of moving to a different chat solution just to not have to deal with this slapdash seat of the pants development model anymore.