Disable totp via email does not work - Githubissues

RocketChat / Rocket.Chat

The communications platform that puts data protection first.

https://rocket.chat/

Other

40.38k stars 10.5k forks source link

Disable totp via email does not work #33722

Open dazoot opened 2 hours ago

dazoot commented 2 hours ago

Description:

I am trying to disable TOTP via email from the Profile -> Security page and it does not work.

Steps to reproduce:

I click My account -> Profile -> Security
I click Disable Two-factor authentication via Email.
I get a flash message that Two-factor authentication disabled but the feature is not disabled.

Expected behavior:

TOTP via Email to be disabled.

Actual behavior:

TOTP via Email remains enabled.

Server Setup Information:

Version of Rocket.Chat Server: 6.13.0
License Type: Starter
Number of Users: 10
Operating System: Debian
Deployment Method: tar
Number of Running Instances: 1
DB Replicaset Oplog: (oplog Enabled)
NodeJS Version: v14.21.3
MongoDB Version: 4.4.29

Client Setup Information

Desktop App or Browser Version: Desktop 4.1.1
Operating System: Windows

dazoot commented 2 hours ago

I was able to disable email2fa by running this query in mongo DB:

db.users.update({"username": "catalin"}, {"$unset":{"services.email2fa": 1}});