Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved how to reset 2fa for admin?

    Support
    2fa
    4
    9
    365
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • potemkin_ai
      potemkin_ai last edited by girish

      Hello! Documentation says admin can reset 2FA for the user; but how admin's 2FA be reset, if, let's say, he lost his device?

      BrutalBirdie 1 Reply Last reply Reply Quote 0
      • BrutalBirdie
        BrutalBirdie Staff @potemkin_ai last edited by

        @potemkin_ai I just did a little hacking to see if I could do that from the command line.

        ssh into your server, get root access.

        mysql -uroot -ppassword -e "select username, email, resetToken, twoFactorAuthenticationSecret, twoFactorAuthenticationEnabled from box.users";
        
        +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
        | username         | email                  | resetToken                                                       | twoFactorAuthenticationSecret                        | twoFactorAuthenticationEnabled |
        +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
        | t.test           | test@domain.tld        |                                                                  | REDACTED                                             |           1                    |
        +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
        

        44e1b570-5617-4752-8701-c61bd29f6dc3-image.png

        Then I disable it via mysql:

        mysql -uroot -ppassword -e "UPDATE box.users set twoFactorAuthenticationEnabled=0 where username='t.test'";
        

        8a534cb8-91dd-4423-aeb5-bef1596e9d11-image.png

        De Nada

        Like my work? Consider donating a beer 🍻 Cheers!

        BrutalBirdie potemkin_ai 2 Replies Last reply Reply Quote 2
        • BrutalBirdie
          BrutalBirdie Staff @BrutalBirdie last edited by BrutalBirdie

          @brutalbirdie
          I might be possible to do this via api.

          https://my.domain.tld/api/v1/profile/twofactorauthentication_disable
          
          {"password":"TheUsersPassword"}
          

          Testing right now.
          Nah this wont work, you need an active user session for this api call as far as I can tell.
          the top solution is working fine.

          Like my work? Consider donating a beer 🍻 Cheers!

          potemkin_ai 1 Reply Last reply Reply Quote 0
          • potemkin_ai
            potemkin_ai @BrutalBirdie last edited by

            @brutalbirdie thanks a lot!!

            1 Reply Last reply Reply Quote 2
            • potemkin_ai
              potemkin_ai @BrutalBirdie last edited by

              @brutalbirdie thanks for trying a few options!

              1 Reply Last reply Reply Quote 1
              • nebulon
                nebulon Staff last edited by

                @BrutalBirdie is correct, setting the twoFactorAuthenticationEnabled database field for that user to 0 will remove the 2fa for that user. The next release will have a button for admins to do this from the dashboard.

                potemkin_ai 1 Reply Last reply Reply Quote 2
                • potemkin_ai
                  potemkin_ai @nebulon last edited by

                  @nebulon thanks; how can admin reset 2FA if he can't login to the dashboard?

                  girish 1 Reply Last reply Reply Quote 0
                  • girish
                    girish Staff @potemkin_ai last edited by

                    @potemkin_ai It's documented in a different section at https://docs.cloudron.io/user-management/#admins . But easiest way is to just SSH and run cloudron-support --owner-login . This will give you a temporary username/password to login with. Can only be used to login once. This password will bypass any 2FA.

                    I will fix the docs.

                    potemkin_ai 1 Reply Last reply Reply Quote 0
                    • potemkin_ai
                      potemkin_ai @girish last edited by

                      @girish thanks a lot, that sounds just right

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Powered by NodeBB