Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TOTP Required [totp-required]","errorType":"totp-required" #18822

Closed
gcommit opened this issue Sep 8, 2020 · 8 comments
Closed

TOTP Required [totp-required]","errorType":"totp-required" #18822

gcommit opened this issue Sep 8, 2020 · 8 comments

Comments

@gcommit
Copy link

gcommit commented Sep 8, 2020
edited
Loading

Description:

The new version 3.6.0 is working fine when i update an existing instance. But i am not able to start new ones. I am running automated scripts to build up my docker container whenever i want to. But it fails since 2FA is forced (if i understand it right) it fails at the point, where i want to change things like SiteURL or Admin user
https://rocket.chat/all-aboard-rocket-chat-3-6-is-here/
"If you’re changing an important setting on your Admin panel or resetting an E2E Key, our system will now ask you for a 2-Factor Authentication code to proceed with the changes."

This breaks the whole automatism thing... Correct me if i am wrong.

Steps to reproduce:

  1. Start RC in 3.6
  2. try to create Admin user or reset settings like SiteURL
  3. enjoy TOTP errors

Expected behavior:

No 2FA forced - because i think a lot of people are using automated setups, you can't use 2FA that way ...

Actual behavior:

RC does not start.

Server Setup Information:

  • Version of Rocket.Chat Server: 3.6.0
  • Operating System: node:12.18-slim docker
  • Deployment Method: docker
  • Number of Running Instances: >10
  • DB Replicaset Oplog:
  • NodeJS Version: 12.18
  • MongoDB Version: v3.6.13

Relevant logs:

infos of customer-admin:
rocketchat_1  | {"user":{"_id":"XXXXXXXXX","createdAt":"2020-09-08T08:41:14.283Z","name":"Administrator","username":"admin","status":"offline","utcOffset":0,"active":true,"emails":[{"address":"example@mail.de","verified":false}],"type":"user","services":{},"roles":["admin"]},"success":true}

update customer-admin:
rocketchat_1  | {"success":false,"error":"TOTP Required [totp-required]","errorType":"totp-required","details":{"method":"password","codeGenerated":false,"availableMethods":[]}}

infos of general channel:
rocketchat_1  | {"channel":{"_id":"GENERAL","ts":"2020-09-08T08:41:13.861Z","t":"c","name":"general","usernames":[],"msgs":0,"usersCount":0,"default":true,"_updatedAt":"2020-09-08T08:41:13.861Z"},"success":true}

invite admin to general channel:
rocketchat_1  | {"channel":{"_id":"GENERAL","ts":"2020-09-08T08:41:13.861Z","t":"c","name":"general","usernames":[],"msgs":1,"usersCount":1,"default":true,"_updatedAt":"2020-09-08T08:41:20.709Z"},"success":true}

reset Site_Url:
rocketchat_1  | {"success":false,"error":"TOTP Required [totp-required]","errorType":"totp-required","details":{"method":"password","codeGenerated":false,"availableMethods":[]}}

rocketchat_1  | Customer admin could not be created - Aborting!
@close-issue-app
Copy link

This issue was closed because it does not use our bug report issue template.

Please make sure to use it and fill it as much as you can so we can provide better and faster support.

The following sections must not be removed, or else the BOT will close it immediately again:

  • Steps to reproduce
  • Expected behavior
  • Actual behavior
  • Server Setup Information

@gcommit
Copy link
Author

gcommit commented Sep 8, 2020

wow

@cs35-owncloud
Copy link

Hello,

lol ...
I have the same problem, I use the API to configure several instances. For curent ones it works, for new ones it fails with the TOTP error.
I don't get why you would force 2FA when it's not set specifically, how should we proceed for automation ?
It really messes up the installation process ...

@gcommit Did you find some workaround ? Thanks.

@cs35-owncloud
Copy link

Nevermind, I found the other thread.

@gcommit
Copy link
Author

gcommit commented Sep 21, 2020

In fact, i did ;)
Glad i am not alone, seeing something like this as critical:

Solution 1): environment variable called Accounts_TwoFactorAuthentication_Enforce_Password_Fallback set to false to disable this new behavior of asking the password as 2FA introduced at 3.6.0

Solution 2):
I had some curl calls in my install script, which were missing parameters, especially creating users and letting them joining rooms. Here is the solution:

sha256password=$(echo -n "MyAdminPassword" | sha256sum | awk '{print $1}')
return_msg=$(curl -H "X-Auth-Token: $authToken" \
         -H "X-User-Id: $userId" -H "x-2fa-code:$sha256password" -H "x-2fa-method:password"\
         -H "Content-type:application/json" \
         http://localhost:3100/api/v1/settings/Site_Url \
         -d '{"value": "'$ROOT_URL'"}')
echo $return_msg

Add a x-2fa-code header, with password and x-2fa-method header with password as method. Note: The password needs to be a sha256 hash of the actual password

@cs35-owncloud
Copy link

Thanks @gcommit I'll try the first solution since I've wasted already quite some time and implement the second one some day ...

shiqimei added a commit that referenced this issue Jan 15, 2021
@shiqimei
Fix TOTP Required [totp-required] issue
117da01 
* Ref: #18822
@delatorremario
Copy link

Adminstration -> Settings -> Accounts -> Disable Two Factor Authentication

@meetmatt
Copy link

meetmatt commented Jul 7, 2023

Thank you @delatorremario!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@meetmatt @delatorremario @gcommit @cs35-owncloud