I have a user that recently got a new phone and all of his 2fa tokens were wiped out. The user is now unable to get into my nextcloud envrionment because it was enforced vai the settings.
Does anyone have an idea what we need to do to get him back in to his nextcloud account?
As an administrator you can use the impersonate app to switch to the user profile and adjust the relevant settings, or you can use the
./occ twofactorauth:..command line tool to remove the 2fa device from the users profile.
Thanks for the quick reply, I will look into the impersonate app. As for the command line options I keep getting syntax errors every time I try to use it. Do you have any commands or switches that may help me out?
The syntax you are using seems strange.
Can you try:
sudo -u www-data php occ twofactorauth:disable 550E3E27-CCCE-43AE-8D6C-D4427EC507B7 backup_codes
sudo -u www-data php occ twofactorauth:disable 550E3E27-CCCE-43AE-8D6C-D4427EC507B7 totp
Use e.g. the following command to get a list of enabled 2fa providers for a user and to double-check that you are using the right abbreviation for it:
./occ twofactorauth:state <user>
Two-factor authentication is enabled for user XYZ
- totp <<< ?!
Thanks everyone, I was able to use the impersonate app and remove it for the user.