Get 2FA recovery codes

Discussion in 'Installation/Configuration' started by pzajda, Nov 23, 2022.

  1. pzajda

    pzajda Member HowtoForge Supporter

    Hello,

    I enabled 2FA in tools->user settings for admin account.
    I have no problem to connect and receive the 2FA code but I never had any recovery codes.

    The first time I enabled 2FA, the admin e-mail was not set correctly so after I set it and tested to use 2FA right, I tried to disable, click save, enable 2FA again then click save but no recovery code by mail or displayed.

    How to obtain 2FA recovery codes in the case I would have issue to receive the mail?
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    They can be found in the database: dbispconfig > sys_user > otp_recovery for your user.
     
  3. pzajda

    pzajda Member HowtoForge Supporter

    It looks like admin user has not any recovery code in my case:
    Code:
    MariaDB [dbispconfig]> select otp_recovery from sys_user where username="admin";
    +--------------+
    | otp_recovery |
    +--------------+
    | NULL         |
    +--------------+
    1 row in set (0.000 sec)
    MariaDB [dbispconfig]> select `otp_type` from sys_user where username='admin';
    +----------+
    | otp_type |
    +----------+
    | email    |
    +----------+
    1 row in set (0.001 sec)
    
    Or do I miss something again?
     
    Aldo Giove likes this.
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    That's weird. I have not tested around with the new feature yet, but probably will do so in the upcoming week, and can then look into this. Feel free to remind me ;)
     
    pzajda likes this.
  5. pzajda

    pzajda Member HowtoForge Supporter

    @Th0m did you have some time to test? :)
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Not yet. But soon!
     
    Aldo Giove and pzajda like this.
  7. Aldo Giove

    Aldo Giove New Member

    Hi, I've got the same issue here: no recovery codes for every user.
    Code:
    MariaDB [dbispconfig]> select otp_recovery from sys_user;
    +--------------+
    | otp_recovery |
    +--------------+
    | NULL         |
    | NULL         |
    | NULL         |
    | NULL         |
    | NULL         |
    | NULL         |
    | NULL         |
    | NULL         |
    +--------------+
    8 rows in set (0,000 sec)
    
    Kind regards
    Aldo
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    OK, I looked into the code. I think currently there is no recovery code handling, would need to check that with the dev that wrote this. So if emails would not be received, a manual database intervention would be necessary right now. Not ideal.
     
    Aldo Giove likes this.
  9. Aldo Giove

    Aldo Giove New Member

    BTW, I can't figure out how to use an app like google authenticator in place of the email. Is it possible?
    Kind regards
    Aldo
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    No, that is not yet supported.
     
    Aldo Giove likes this.

Share This Page