Comments (13)
I have exactly the same issue here on Nextcloud version 27.0.2_1.6.43 (as an app on TrueNAS from Charts) and TOTP version 9.0.0:
- The app is enabled by admin.
- User logs in and tries to enable TOTP in their settings.
- The QR code is shown and can be added to 2FA app (Google Authenticator in this case)
- The spinner beside "Enable TOTP" never stops spinning
- When the user logs out, 2FA is not enabled
- When the user logs back in, the checkbox beside "Enable TOTP" is unchecked
Tested with several users, none of them working.
from twofactor_totp.
The spinner beside "Enable TOTP" never stops spinning
there's most likely an error in nextcloud.log
from twofactor_totp.
The log shows:
{"reqId":"auBdqzS7xstdZ2OKk4C8","level":0,"time":"2023-09-06T07:11:47+00:00","remoteAddr":"10.0.81.111","user":"c4f7f426-f9ab-103c-9483-9fa59eb6e605","app":"user_ldap","method":"POST","url":"/apps/twofactor_totp/settings/enable","message":"Calling LDAP function ldap_explode_dn with parameters [\"c4f7f426-f9ab-103c-9483-9fa59eb6e605\",0]","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"27.0.2.1","data":{"app":"user_ldap"}}
immediately after the user clicks the "Enable TOTP" checkbox. Log level is on DEBUG.
Sounds like this is an issue with us using LDAP?
from twofactor_totp.
"level":0
it's just a debug notice, not an error
from twofactor_totp.
Yes, there is no other message in the log. But 2FA doesn't activate and the thing never stops spinning. Or is the log-level in NextCloud not "0 and above" and I have to set the log-level higher than 0?
from twofactor_totp.
Log level is fine. 0 means it will log everything.
I suggest to inspect the XHRs of the browser instead. There is a request sent when TOTP is enabled. See if that succeeds and what it returns.
from twofactor_totp.
Hmm, the response looks fine but there is something weird: The username is an UUID, while Nextcloud and our LDAP use firstname.lastname as UID.... could be that usernames are not correctly mapped in NC and that is an issue?
from twofactor_totp.
could be
from twofactor_totp.
Really weird, an additional message I got now suggests that the user isn't logged in, even though he clearly is when clicking the checkbox:
{"reqId":"44AXro7NRFw9PHz4YsI9","level":0,"time":"2023-09-06T13:45:07+00:00","remoteAddr":"10.0.81.111","user":"--","app":"no app in context","method":"POST","url":"/apps/twofactor_totp/settings/enable","message":"Current user is not logged in","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"27.0.2.1","exception":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Message":"Current user is not logged in","Code":401,"Trace":[{"file":"/var/www/html/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":96,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware","type":"->","args":[["OCA\\TwoFactorTOTP\\Controller\\SettingsController"],"enable"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":129,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->","args":[["OCA\\TwoFactorTOTP\\Controller\\SettingsController"],"enable"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\TwoFactorTOTP\\Controller\\SettingsController"],"enable"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\TwoFactorTOTP\\Controller\\SettingsController","enable",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["twofactor_totp.settings.enable"]]},{"file":"/var/www/html/lib/base.php","line":1071,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/twofactor_totp/settings/enable"]},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php","Line":161,"message":"Current user is not logged in","exception":{},"CustomMessage":"Current user is not logged in"}}
{"reqId":"YkhIq5nfzVkSKJfOmINp","level":0,"time":"2023-09-06T13:45:07+00:00","remoteAddr":"10.0.81.111","user":"--","app":"user_ldap","method":"GET","url":"/login?redirect_url=/apps/twofactor_totp/settings/enable","message":"Calling LDAP function ldap_explode_dn with parameters [\"c4f7f426-f9ab-103c-9483-9fa59eb6e331\",0]","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"27.0.2.1","data":{"app":"user_ldap"}}
{"reqId":"dnZ9Q44x2guG1CgrtRHt","level":0,"time":"2023-09-06T13:45:11+00:00","remoteAddr":"10.0.81.111","user":"c4f7f426-f9ab-103c-9483-9fa59eb6e331","app":"user_ldap","method":"GET","url":"/apps/twofactor_totp/settings/enable","message":"Calling LDAP function ldap_explode_dn with parameters [\"c4f7f426-f9ab-103c-9483-9fa59eb6e331\",0]","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"27.0.2.1","data":{"app":"user_ldap"}}
I highly suspect that this has to do with LDAP and incorrect mapping. I'll setup a fresh Nextcloud and pull users again from LDAP to check.
from twofactor_totp.
Hmm, it wasn't LDAP. I installed Nextcloud fresh and pulled users from LDAP again with the correct UIDs and it still doesn't work. The spinner keeps spinning, a QR code is generated and can be added to Google Authenticator but if I log out or leave the settings page, 2FA remains disabled.
When clicking the checkbox, only one request is shown in Web Developer Tools -> Network -> XHR: a POST to https://10.0.81.100:9001/apps/twofactor_totp/settings/enable with the response of:
09:22:30.658 XHRPOSThttps://10.0.81.100:9001/apps/twofactor_totp/settings/enable
[HTTP/2 200 OK 103ms]
1
{"state":1,"secret":"xxxxxxxxxxxxxx","qrUrl":"otpauth:\/\/totp\/Nextcloud%3Auser.name%4010.0.81.100%3A9001?secret=xxxxxxxxxxxxxx&issuer=Nextcloud"}
from twofactor_totp.
news?
from twofactor_totp.
Hello!
The problem is related to php, it works with the old php 8.0, I install php 8.1 and above does not work.
from twofactor_totp.
Related Issues (20)
- Error when trying to setup new device HOT 1
- NC 25 Theme issue first time setup
- Changelog in /settings/apps sidebar info, CHANGELOG.md, Releases HOT 3
- "Enable TOTP" checkbox gets ticked even if its not enabled successfully. HOT 2
- Donβt ask for TOTP when logging in using WebAuthn HOT 1
- Token unsafe in FreeOTP HOT 2
- Issue with nextcloud behind proxy HOT 1
- 2FA cannot be disabled using 'limit to groups' HOT 2
- Please bump to NC 26 HOT 4
- Dependency Dashboard
- Use authentication keys as 2nd factor HOT 1
- Provide Favicon as Image
- Fix acceptance tests HOT 1
- Possibility to enter your own secrets HOT 1
- TOTP not working HOT 1
- Problem with CalDAV auth HOT 4
- LDAP Users unable to login HOT 4
- 2FA impossible to desactivate from GUI (inconsistency between GUI status & occ status). HOT 1
- AndOTP is not available on FDroid HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from twofactor_totp.