Today I enforced 2FA for everyone on Nextcloud; unfortunately, nobody was able to log in. Cloudron's Nextcloud package does not come with support for 2FA with TOTP, which requires a separate Nextcloud app. Cloudron developers don't recommend manually installing and updating Nextcloud apps, so I think this app should be included by default, like other apps. Please enlighten me if I'm missing something here.
Here's the app: https://apps.nextcloud.com/apps/twofactor_totp
@nj Can you clarify why nobody can log in after you enforced 2FA? The upstream app doesn't work? If so, how would packaging it as part of Cloudron solve the issue?
I didn't realize TOTP is an app in Nextcloud. Seems quite extreme to put security stuff as an app.
I might be wrong but I think each user has to enable and configure TOTP before you can enforce it. Did each user do that?
Otherwise, there is some help here: https://help.nextcloud.com/t/administrator-account-locked-out-due-to-2fa-enforcement/43306
Please note that the Two Factor Admin app mentioned in the thread before (see https://apps.nextcloud.com/apps/twofactor_admin) only works for MySQL (see https://github.com/ChristophWurst/twofactor_admin/issues/35). Cloudron, however, uses PostgreSQL for Nextcloud...
I think the app in question is https://github.com/nextcloud/twofactor_totp and afaict it does support PostgreSQL.
The app I mentioned is a complementary app for admins generating a one-time code for users who are locked out of a TOTP-protected account. It was mentioned in the support thread I cited as a solution. This complementary app supports MySQL only.