Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. how to reset 2fa for admin?

how to reset 2fa for admin?

Scheduled Pinned Locked Moved Solved Support
2fa
9 Posts 4 Posters 1.5k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • potemkin_aiP Offline
      potemkin_aiP Offline
      potemkin_ai
      wrote on last edited by girish
      #1

      Hello! Documentation says admin can reset 2FA for the user; but how admin's 2FA be reset, if, let's say, he lost his device?

      BrutalBirdieB 1 Reply Last reply
      0
      • potemkin_aiP potemkin_ai

        Hello! Documentation says admin can reset 2FA for the user; but how admin's 2FA be reset, if, let's say, he lost his device?

        BrutalBirdieB Offline
        BrutalBirdieB Offline
        BrutalBirdie
        Partner
        wrote on last edited by
        #2

        @potemkin_ai I just did a little hacking to see if I could do that from the command line.

        ssh into your server, get root access.

        mysql -uroot -ppassword -e "select username, email, resetToken, twoFactorAuthenticationSecret, twoFactorAuthenticationEnabled from box.users";
        
        +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
        | username         | email                  | resetToken                                                       | twoFactorAuthenticationSecret                        | twoFactorAuthenticationEnabled |
        +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
        | t.test           | test@domain.tld        |                                                                  | REDACTED                                             |           1                    |
        +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
        

        44e1b570-5617-4752-8701-c61bd29f6dc3-image.png

        Then I disable it via mysql:

        mysql -uroot -ppassword -e "UPDATE box.users set twoFactorAuthenticationEnabled=0 where username='t.test'";
        

        8a534cb8-91dd-4423-aeb5-bef1596e9d11-image.png

        De Nada

        Like my work? Consider donating a drink. Cheers!

        BrutalBirdieB potemkin_aiP 2 Replies Last reply
        2
        • BrutalBirdieB BrutalBirdie

          @potemkin_ai I just did a little hacking to see if I could do that from the command line.

          ssh into your server, get root access.

          mysql -uroot -ppassword -e "select username, email, resetToken, twoFactorAuthenticationSecret, twoFactorAuthenticationEnabled from box.users";
          
          +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
          | username         | email                  | resetToken                                                       | twoFactorAuthenticationSecret                        | twoFactorAuthenticationEnabled |
          +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
          | t.test           | test@domain.tld        |                                                                  | REDACTED                                             |           1                    |
          +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
          

          44e1b570-5617-4752-8701-c61bd29f6dc3-image.png

          Then I disable it via mysql:

          mysql -uroot -ppassword -e "UPDATE box.users set twoFactorAuthenticationEnabled=0 where username='t.test'";
          

          8a534cb8-91dd-4423-aeb5-bef1596e9d11-image.png

          De Nada

          BrutalBirdieB Offline
          BrutalBirdieB Offline
          BrutalBirdie
          Partner
          wrote on last edited by BrutalBirdie
          #3

          @brutalbirdie
          I might be possible to do this via api.

          https://my.domain.tld/api/v1/profile/twofactorauthentication_disable
          
          {"password":"TheUsersPassword"}
          

          Testing right now.
          Nah this wont work, you need an active user session for this api call as far as I can tell.
          the top solution is working fine.

          Like my work? Consider donating a drink. Cheers!

          potemkin_aiP 1 Reply Last reply
          0
          • BrutalBirdieB BrutalBirdie

            @potemkin_ai I just did a little hacking to see if I could do that from the command line.

            ssh into your server, get root access.

            mysql -uroot -ppassword -e "select username, email, resetToken, twoFactorAuthenticationSecret, twoFactorAuthenticationEnabled from box.users";
            
            +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
            | username         | email                  | resetToken                                                       | twoFactorAuthenticationSecret                        | twoFactorAuthenticationEnabled |
            +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
            | t.test           | test@domain.tld        |                                                                  | REDACTED                                             |           1                    |
            +------------------+------------------------+------------------------------------------------------------------+------------------------------------------------------+--------------------------------+
            

            44e1b570-5617-4752-8701-c61bd29f6dc3-image.png

            Then I disable it via mysql:

            mysql -uroot -ppassword -e "UPDATE box.users set twoFactorAuthenticationEnabled=0 where username='t.test'";
            

            8a534cb8-91dd-4423-aeb5-bef1596e9d11-image.png

            De Nada

            potemkin_aiP Offline
            potemkin_aiP Offline
            potemkin_ai
            wrote on last edited by
            #4

            @brutalbirdie thanks a lot!!

            1 Reply Last reply
            2
            • BrutalBirdieB BrutalBirdie

              @brutalbirdie
              I might be possible to do this via api.

              https://my.domain.tld/api/v1/profile/twofactorauthentication_disable
              
              {"password":"TheUsersPassword"}
              

              Testing right now.
              Nah this wont work, you need an active user session for this api call as far as I can tell.
              the top solution is working fine.

              potemkin_aiP Offline
              potemkin_aiP Offline
              potemkin_ai
              wrote on last edited by
              #5

              @brutalbirdie thanks for trying a few options!

              1 Reply Last reply
              1
              • nebulonN Offline
                nebulonN Offline
                nebulon
                Staff
                wrote on last edited by
                #6

                @BrutalBirdie is correct, setting the twoFactorAuthenticationEnabled database field for that user to 0 will remove the 2fa for that user. The next release will have a button for admins to do this from the dashboard.

                potemkin_aiP 1 Reply Last reply
                2
                • nebulonN nebulon

                  @BrutalBirdie is correct, setting the twoFactorAuthenticationEnabled database field for that user to 0 will remove the 2fa for that user. The next release will have a button for admins to do this from the dashboard.

                  potemkin_aiP Offline
                  potemkin_aiP Offline
                  potemkin_ai
                  wrote on last edited by
                  #7

                  @nebulon thanks; how can admin reset 2FA if he can't login to the dashboard?

                  girishG 1 Reply Last reply
                  0
                  • potemkin_aiP potemkin_ai

                    @nebulon thanks; how can admin reset 2FA if he can't login to the dashboard?

                    girishG Offline
                    girishG Offline
                    girish
                    Staff
                    wrote on last edited by
                    #8

                    @potemkin_ai It's documented in a different section at https://docs.cloudron.io/user-management/#admins . But easiest way is to just SSH and run cloudron-support --owner-login . This will give you a temporary username/password to login with. Can only be used to login once. This password will bypass any 2FA.

                    I will fix the docs.

                    potemkin_aiP 1 Reply Last reply
                    0
                    • girishG girish

                      @potemkin_ai It's documented in a different section at https://docs.cloudron.io/user-management/#admins . But easiest way is to just SSH and run cloudron-support --owner-login . This will give you a temporary username/password to login with. Can only be used to login once. This password will bypass any 2FA.

                      I will fix the docs.

                      potemkin_aiP Offline
                      potemkin_aiP Offline
                      potemkin_ai
                      wrote on last edited by
                      #9

                      @girish thanks a lot, that sounds just right

                      1 Reply Last reply
                      0
                      Reply
                      • Reply as topic
                      Log in to reply
                      • Oldest to Newest
                      • Newest to Oldest
                      • Most Votes


                        • Login

                        • Don't have an account? Register

                        • Login or register to search.
                        • First post
                          Last post
                        0
                        • Categories
                        • Recent
                        • Tags
                        • Popular
                        • Bookmarks
                        • Search