New User can't setup 2FA when "Require 2FA" is ticked in server config

immense / Remotely

A remote control and remote scripting solution, built with .NET 8, Blazor, and SignalR.

GNU General Public License v3.0

4.28k stars 1.6k forks source link

New User can't setup 2FA when "Require 2FA" is ticked in server config #857

Closed TJP507 closed 7 hours ago

TJP507 commented 3 months ago

I'm running Remotely 2024.02.23.1927 in Docker, running on my Proxmox cluster. Using official docker image. I have my master server admin account setup and had no issues with the setup.

Next, I enabled 2FA for my server admin account, verified I could login and no issues at all.

I created a new user and sent them the link. They click the link, it prompts for a password, and then asks them to "enable 2FA." When they click the button to "enable 2FA," nothing happens. No loading symbol. Nothing. The button is linked to https://remotely.MYDOMAIN.com/Account/Manage/TwoFactorAuthentication.

I can reproduce the issue with other emails, computers and web browsers of various versions. Can also reproduce on multiple android web browsers.

If I turn off the "Require 2FA" check box, the user can login, go to the account section, setup the 2FA code, and then log out. If I enable "Require 2FA" again, that user will be able to login normally. However I have to disable the "Require 2FA" box fore creation of every user.

AllevatoreAnonimo commented 3 months ago

On clean installation same problem, once you activate the entry from the admin user you get stuck on this screen with no way to go further. So it is not usable. I try to test other container versions. My configuration is a CT ubuntu-22.04 under proxmox.

Update: Tested build 88: same problem Tested build 87: same problem Tested build 86: same problem Tested build 84: not started (Probably because CT is not compatible with docker-compose)

I haven't been to try any others, I think it's really all the docker-compose-based versions that have this bug.

AllevatoreAnonimo commented 3 months ago

Tested version 69: I used the old procedure for installation

sudo apt install docker.io -y
sudo newgrp docker
sudo usermod -aG docker <user>.
sudo mkdir -p /var/www/remotely
sudo docker run -d --name remotely --restart unless-stopped -p 5000:5000 -v /var/www/remotely:/remotely-data immybot/remotely:69
sudo docker ps

Unfortunately more bugs come up with this version, the agent at download is generated broken, but at least OTP works. I used a work-around to download the client and with a batch as reported by issue #735, in combination with a batch I install the client

set id_oganization=<ID_Organization>
set site_url=https://<site_url>

Remotely_Installer.exe -install -quiet -organizationid "%id_oganization%" -serverurl "%site_url%"

I hope the translator didn't break some procedure....

elightcap commented 1 month ago

Is there a way to disable this through config? it was enabled and i didnt have mfa setup, now i cannot get in to disable it.

AllevatoreAnonimo commented 1 month ago

Is there a way to disable this through config? it was enabled and i didnt have mfa setup, now i cannot get in to disable it.

At the moment I have not found a solution to this problem, the only one would be to log in with a profile without double authentication and with privileges to do so.

elightcap commented 1 month ago

Is there a way to disable this through config? it was enabled and i didnt have mfa setup, now i cannot get in to disable it.

At the moment I have not found a solution to this problem, the only one would be to log in with a profile without double authentication and with privileges to do so.

I figured it out. You can edit the database directly, theres a table called KeyValueRecords. In there you can Require2FA to false.

klar574 commented 1 month ago

Damn, how do I manage to deactivate 2FA under a Docker container? I just locked myself out :-(

elightcap commented 1 month ago

Damn, how do I manage to deactivate 2FA under a Docker container? I just locked myself out :-(

See my above reply. you can edit the database, which should be somewhere on the container host. The default instructions have it mounted from /var/www/remotely

mrprofessork commented 1 month ago

Is there a way to disable this through config? it was enabled and i didnt have mfa setup, now i cannot get in to disable it.

At the moment I have not found a solution to this problem, the only one would be to log in with a profile without double authentication and with privileges to do so.

I figured it out. You can edit the database directly, theres a table called KeyValueRecords. In there you can Require2FA to false.

Hi I am having the same issue, I found the table and I can see the value, but when I try to update the record, i keep getting "Error: no such column: Require2FA" obviously I am doing something wrong here, How did you manage to update the record? I am on linux terminal btw

mrprofessork commented 1 month ago

Is there a way to disable this through config? it was enabled and i didnt have mfa setup, now i cannot get in to disable it.

At the moment I have not found a solution to this problem, the only one would be to log in with a profile without double authentication and with privileges to do so.

I figured it out. You can edit the database directly, theres a table called KeyValueRecords. In there you can Require2FA to false.

Hi I am having the same issue, I found the table and I can see the value, but when I try to update the record, i keep getting "Error: no such column: Require2FA" obviously I am doing something wrong here, How did you manage to update the record? I am on linux terminal btw

ACtually, I figured it out, Thanks!

bitbound commented 7 hours ago

This should be fixed in the latest release.