nursoda / twofactor_email

Nextcloud 2FA Provider that uses e-mail as transport
GNU Affero General Public License v3.0

2FA Setup with Domain-Users #349

Open Speed7811 opened 2 years ago

Speed7811 commented 2 years ago

Dear all,

our Nextcloud is attached to our Windows Domain and the users are created automatically. I read some issues here about the first setup/first login of 2FA-Email and I had the same problems as e.g. in Issue #83.

I know and understand that this app is limited and does not really implement this feature, but maybe somebody can give me a workaround.

My goal:

I want to enforce 2FA-Mail OR I want to check that every user has 2FA activated (both can be done by a script from my side, e.g. Bash, SQL, PHP, etc.)

  1. Possible solution: If I force 2FA to be enabled, nobody can log in because 2FA is not enabled and set up by any user. How can I as admin set up the 2FA (maybe directly in the database, etc.) in the background for each user?
  2. Possible solution: If I do not enforce 2FA, I want to check (e.g. every hour) that every user has 2FA enabled. How can I do this?

Has anybody a tip for me on where to find this information?

Best regards

Rainer

nursoda commented 2 years ago

Sorry that I did not react yet. If you want to implement a feature, I'm happy to discuss with you how. If you want to work around it, your "possible solution 1" (to enforce 2FA) is the way intended by Nextcloud. #83 will solve that. Unfortunately, the PR is stalled.

Concerning your "possible solution 2", were you looking for the user and 2FA occ commands?

occ user:list
occ user:setting <USER>
occ twofactorauth:state <USER>

I also checked on my instances which 2FA provider is activated for which users, using this script:

for u in $(php occ user:list | sed 's/^  - \(.*\):.*$/\1/')
do
  # strip the "Disabled providers" list and the "Enabled providers" header, then drop users without 2FA and blank lines
  php occ twofactorauth:state "$u" | perl -p0e 's/Disabled providers:\n(- [^\n]*\n)+//s' | perl -p0e 's/\nEnabled providers:\n//s' | sed '/not enabled/d' | sed '/^$/d'
done

And another script to check who hasn't (should probably be optimized since it seems to do nothing for a long time if you have many users):

php occ user:list | sed -E 's/^  - ([^:]*):.*$/\1/' | while read -r i; do php occ twofactorauth:state "$i"; done | grep "is not ena" | sed -E 's/^.* user (.*)$/\1/'

Apart from the workarounds, on reflection I think that there are use cases that should be implemented, like "IF email is present for every user, allow admin to enforce twofactor_email independently of user settings (and forcing the admin-provided email address to be used)". This MIGHT be a separate app though… or a SERVER PR.
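As an added example (not code from the thread or from the twofactor_email project), the two one-liners above can be turned into reusable shell functions that separate the parsing of `occ` output from the call to `occ` itself, so the audit logic can be exercised against constructed sample output and then pointed at a live instance. The sample `user:list` and `twofactorauth:state` output below is constructed from the line shapes the thread's `sed`/`grep` patterns assume ("  - uid: Display Name", "... is not enabled for user uid", "Enabled providers:" / "Disabled providers:" lists); the function names `list_uids`, `users_without_2fa`, `users_without_provider` and `sample_state` are this example's own. It goes slightly beyond the thread by also reporting users who have 2FA enabled but not a specific provider (e.g. `email`), which is the check an admin wanting to enforce twofactor_email specifically would want.

```shell
#!/bin/sh
# Added example, not the twofactor_email project's own code.
# Assumes `occ user:list` prints "  - uid: Display Name" per user and
# `occ twofactorauth:state <uid>` prints "... is (not) enabled for user <uid>",
# optionally followed by "Enabled providers:" / "Disabled providers:" lists
# (the same shapes the thread's sed/grep patterns rely on).

# Constructed sample output of `php occ user:list` (stand-in for a live instance).
SAMPLE_USER_LIST='  - alice: Alice Example
  - bob: Bob Example
  - carol: Carol Example'

# Constructed sample output of `php occ twofactorauth:state <uid>`, keyed by uid.
# Replace with a wrapper around occ for live use (see bottom).
sample_state() {
  case "$1" in
    alice) printf '%s\n' 'Two-factor authentication is enabled for user alice' \
                         'Enabled providers:' '- email' 'Disabled providers:' '- totp' ;;
    bob)   printf '%s\n' 'Two-factor authentication is not enabled for user bob' ;;
    carol) printf '%s\n' 'Two-factor authentication is enabled for user carol' \
                         'Enabled providers:' '- totp' 'Disabled providers:' '- email' ;;
    *)     return 1 ;;
  esac
}

# Extract uids from user:list output (display names may contain spaces or colons,
# so only the text before the first colon is taken).
list_uids() {
  printf '%s\n' "$1" | sed -E 's/^ *- ([^:]*):.*$/\1/'
}

# Print uids that have NO 2FA provider enabled at all.
#   $1 = name of a function that prints the state output for a uid
#   $2 = user:list output text
users_without_2fa() {
  state_fn="$1"; list="$2"
  list_uids "$list" | while read -r uid; do
    if "$state_fn" "$uid" | grep -q 'is not enabled'; then
      printf '%s\n' "$uid"
    fi
  done
}

# Print uids whose enabled-provider list lacks a specific provider id (e.g. "email"),
# which covers both users with no 2FA and users who only enabled another provider.
#   $3 = provider id as it appears in the "- <id>" lines
users_without_provider() {
  state_fn="$1"; list="$2"; provider="$3"
  list_uids "$list" | while read -r uid; do
    # Keep only the block between "Enabled providers:" and "Disabled providers:".
    if ! "$state_fn" "$uid" \
        | sed -n '/^Enabled providers:/,/^Disabled providers:/p' \
        | grep -qx -e "- $provider"; then
      printf '%s\n' "$uid"
    fi
  done
}

# Live use on a Nextcloud host (run as the web server user), e.g.:
#   occ_state() { php occ twofactorauth:state "$1"; }
#   users_without_2fa occ_state "$(php occ user:list)"
#   users_without_provider occ_state "$(php occ user:list)" email
```

With the sample data, `users_without_2fa sample_state "$SAMPLE_USER_LIST"` prints only `bob`, while `users_without_provider sample_state "$SAMPLE_USER_LIST" email` prints `bob` and `carol`, since carol has only `totp` enabled. Scheduling the live variant from cron and alerting on non-empty output gives the hourly check the question asks for.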