How to reset 2FA?

[lev-apeiros]

What is the way to reset the 2FA for admin account from the DB?

[omohokcoj]

@lev-apeiros run docker exec -it <app-name> /app/bin/rails r "User.update_all(otp_secret: nil, otp_required_for_login: false)"

get app-name via docker ps

[lev-apeiros]

I didn't mention, but the application is running on Google Cloud Run.

[omohokcoj]

@lev-apeiros you can also reset it via SQL: UPDATE users SET otp_secret = NULL, otp_required_for_login = false;

[lev-apeiros]

Google Cloud Run is a fully managed service and there is no way to run commands on the container. Is there a flag I can pass when deploying the image to temporarily disable 2FA? This happened when I created a different environment for docuseal and enabled 2FA there - it just overwritten my previous seed and now I'm stuck out of production environment.

[omohokcoj]

@lev-apeiros you should be able to connect to the database and run the UPDATE query Also use Environment variable to configure the app sincegoogle cloud run doesn't provide a persistant storage: https://www.docuseal.co/docs/configuring-docuseal-via-environment-variables

[lev-apeiros]

It is configured to use Google Cloud Storage as the storage. I also tried to manually download db.sqlite3, edit the users table and upload again, but looks like it has no impact.

[omohokcoj]

@lev-apeiros afaik db.sqlite3 will be removed on google lcoud run app restart since it doesn't provide a persistant storage you need to connect to a persistant postgresql DB via ENV variables - your current google cloud run setup seems to be not viable.

[lev-apeiros]

Google Cloud Run provides a persistent storage by mounting a volume that is mapped to Google Cloud Storage bucket.

I think there must be a way for an administrator to be able to reset other users 2FA. What do you think?

[lev-apeiros]

We were able to remove the user that lost the 2FA seed and add it again, but for some reason they still asked to write the 6-digits code after password reset.

[omohokcoj]

@lev-apeiros yeah i think we need to allow admins to reset 2fa of the users - looks like there are no easy ways to do it via google cloud run where everything is isolated. We will make it possible in the next release

[omohokcoj]

@lev-apeiros we decided to not allow users reset 2FA - for on-premise users it's possible just to update a column in the DB to reset 2FA, for Cloud users they need to email support@ and provide enough evidences so that we can reset their 2FA