Guest login failes when setting up 2 factor auth

flotillaropes · November 17, 2019, 6:25pm

[/details]

Nextcloud version 17.0.1
Operating system and version Rasperian Buster
Apache or nginx version Nginx 1.14.2
PHP version 7.3.11

The issue you are facing:

System hangs when a guest user attempts to setup 2 factor authentication. Guest just sees a spinning circle indefinitely

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

Admin settings. Enforce 2 factor for guest-app group

Share a file by creating a guest account. Dialog displays and enter name and email.
Admin creates a password for the guest account and communicates this to the guest user
Guest receives email with share. Clicks the link and is shown the login page.
Guest logs in and is presented with an option to setup 2 factor authentication. Guest clicks to setup and is shown a spinning circle indefinitely

The output of your Nextcloud log in Admin > Logging:

[PHP] Error: Undefined index: redirect_url at /var/www/nextcloud/core/templates/twofactorsetupselection.php#36

GET /login/setupchallenge?redirect_url=/f/88098
from 192.168.1.1 by guest.mail@email.net at 2019-11-17T10:12:14-08:00

flotillaropes · December 5, 2019, 7:57pm

Some help on this issue please. Thank you.

tux1c0 · August 17, 2020, 2:25pm

Hi

I have the same issue. From my researches, it appears that some rights are not given to the group guest_app to read some pages.
When loading the first page where we have to select TOTP (for my case), I have main.js:1 (xhr) calling for getStatus which returns an error 500 with the following message: Access to this ressource is forbidden for guests.

When selecting the 2FA, where the circle keeps running, I have 2 pages with the same error.

getStatus
enable called from main-login-setup.js:48 (xhr)

I tried to put the guest user into a dedicated group, same issue.

Any clue?

Thanks

lkas · February 24, 2022, 4:59pm

I might out myself as incredibly stupid but hopefully this helps someone in the future:

In the settings for the “Guest Accounts” App there is an option to allow guest users access to certain apps. You can either disable that feature so that access is no longer restricted at all or alternatively add the totp apps (or whatever apps you need) to the list.