Admin Locked Out Due to 2FA (OD-2301)
Zach Queal opened 10 months ago

The administrative option "check this to enable two-factor authentication for all users in the system" is ambiguous to me. I enabled it believing that it would allow users to enable 2FA for their accounts, not that it would force all users to enable 2FA or be unable to log in.

That in and of itself wasn't a big deal. The issue came when I enabled this option and was locked out of my account. Perhaps due to misconfiguration with a timeserver somewhere, 2FA codes weren't working at all. Oh well, not a big deal. Looks like you can just reset the admin password to disable 2FA... But upon trying, there's an error:

[root@dev bin]# ./reset-admin-password.sh {password}
Running OneDev Reset Admin Password...
reset-admin-password.sh: line 1801: /var/lib/docker/volumes/onedev/bin/../boot/wrapper-linux-x86-64: cannot execute: required file not found

This means it was impossible for me to recover my account and I had to completely re-install OneDev. So this issue is two-fold:

  1. Notify users that enabling the 2FA administrative option will immediately force users to enable 2FA (so you better make sure 2FA is gonna work)
  2. Fix the ability for admins to reset admin passwords via SSH
  • Robin Shen commented 10 months ago

    For issue 1: Will use the phrase "enforce" instead of "enable".

    For issue 2: Keep the OneDev server running, exec into the container, and run /opt/onedev/bin/reset-admin-password <new password>. This will reset the admin password and clear 2FA status (but need to set up again).

  • Zach Queal changed state to 'Closed' 10 months ago
    Previous Value: Open
    Current Value: Closed
Type: Bug
Priority: Normal
Assignee:
Affected Versions: OneDev 11.7.2 (docker)
Labels: No labels
Issue Votes: 0
Watchers: 2
Reference: OD-2301