Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum
Apps | Demo | Docs | Install

how to reset 2fa for admin?

Scheduled Pinned Locked Moved Solved Support
2fa
9 Posts 4 Posters 434 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    wrote on last edited by girish
    #1

    Hello! Documentation says admin can reset 2FA for the user; but how admin's 2FA be reset, if, let's say, he lost his device?

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to potemkin_ai on last edited by
    #2

    @potemkin_ai I just did a little hacking to see if I could do that from the command line.

    ssh into your server, get root access.

    mysql -uroot -ppassword -e "select username, email, resetToken, twoFactorAuthenticationSecret, twoFactorAuthenticationEnabled from box.users";

+------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
| username         | email                  | resetToken                                                       | twoFactorAuthenticationSecret                        | twoFactorAuthenticationEnabled |
+------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
| t.test           | test@domain.tld        |                                                                  | REDACTED                                             |           1                    |
+------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+

    44e1b570-5617-4752-8701-c61bd29f6dc3-image.png

    Then I disable it via mysql:

    mysql -uroot -ppassword -e "UPDATE box.users set twoFactorAuthenticationEnabled=0 where username='t.test'";

    8a534cb8-91dd-4423-aeb5-bef1596e9d11-image.png

    De Nada

    Like my work? Consider donating a drink drink. Cheers!

    BrutalBirdieB potemkin_aiP 2 Replies Last reply
    2
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to BrutalBirdie on last edited by BrutalBirdie
    #3

    @brutalbirdie
    I might be possible to do this via api.

    https://my.domain.tld/api/v1/profile/twofactorauthentication_disable

    {"password":"TheUsersPassword"}

    Testing right now.
    Nah this wont work, you need an active user session for this api call as far as I can tell.
    the top solution is working fine.

    Like my work? Consider donating a drink drink. Cheers!

    potemkin_aiP 1 Reply Last reply
    0
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    replied to BrutalBirdie on last edited by
    #4

    @brutalbirdie thanks a lot!!

    1 Reply Last reply
    2
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    replied to BrutalBirdie on last edited by
    #5

    @brutalbirdie thanks for trying a few options!

    1 Reply Last reply
    1
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    wrote on last edited by
    #6

    @BrutalBirdie is correct, setting the twoFactorAuthenticationEnabled database field for that user to 0 will remove the 2fa for that user. The next release will have a button for admins to do this from the dashboard.

    potemkin_aiP 1 Reply Last reply
    2
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    replied to nebulon on last edited by
    #7

    @nebulon thanks; how can admin reset 2FA if he can't login to the dashboard?

    girishG 1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to potemkin_ai on last edited by
    #8

    @potemkin_ai It's documented in a different section at https://docs.cloudron.io/user-management/#admins . But easiest way is to just SSH and run cloudron-support --owner-login . This will give you a temporary username/password to login with. Can only be used to login once. This password will bypass any 2FA.

    I will fix the docs.

    potemkin_aiP 1 Reply Last reply
    0
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    replied to girish on last edited by
    #9

    @girish thanks a lot, that sounds just right

    1 Reply Last reply
    0

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login
  • Don't have an account? Register
  • Login or register to search.