How to bypass recovery codes?

Nextcloud version (eg, 18.0.2): 20.0.2
Operating system and version (eg, Ubuntu 20.04): Ubuntu 18.04
Nextcloud runs in docker with the latesttag

The issue you are facing:

A few days ago I was reconfiguring authentication to Nextcloud, got interrupted, and today I wanted to authenticate to the web site (the Windows client does synch up fine).

I was greeted with

This means that the administrator (= me) requested two-factor authentication but my account is not set with 2FA and that I should use a recovery key. This is surprising as it was on 2FA but I vaguely recall that I was moving from one 2FA app to another and got interrupted.

Anyway - my problem is that I do not have the recovery keys (yes, I do not know why either).

My question: how can I bypass this authentication, knowing that I have full access to Nextcloud.

Ideally, that would mean to manually reconfigure my user NOT to use 2FA so that I can log in with my password and manually set it up.

Where can I do that in the configuration?

You cannot bypass the authentication but you can disable the 2FA function using the occ command line tool. Please use the search function of the forum if you need any further information:

https://help.nextcloud.com/search?q=disable%202fa%20occ

Thank you for your help. There seems however that this does not work for docker based installations?

~ # docker exec -it nextcloud bash
root@68270011f5e0:/var/www/html# /usr/src/nextcloud/occ config:list
Nextcloud is not installed - only a limited number of commands are available

There are no commands defined in the "config" namespace.

The last line is in a red box.

I tried to remove myself (part of the admin group) from the config.php file (and restart nextcloud) via

  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' => 
  array (
  ),

but I still get the same image as before (request for codes because F2A is enforced on my account but not configured)

The occ utility works with Docker, but it has to be run inside the container. You can do it like this. Where it says “nextcloud” put the name or ID of the container.

Yes, this is what I did.
I first docker exec -it nextcloud bash and then ran, from the bash prompt within the container /usr/src/nextcloud/occ config:list.

I believe you may have been confused by my code because the formatting of the site made it look as if the first line was a comment (due to the # prompt)

Try running it as I showed in the example.

docker exec -it -u www-data nextcloud php occ

Thank you.

I managed to finally get rid of the 2FA through a combination of

docker exec -it -u www-data nextcloud php occ twofactorauth:state <user>
docker exec -it -u www-data nextcloud php occ twofactorauth:disable <user> <the providers from above one by one>
docker exec -it -u www-data nextcloud php occ twofactorauth:cleanup <again the providers one by one>

I finally ended up logging in, but the screen was all white. It was the new dashboard that requires the app “Accessibility” to be enabled (I am adding this for completeness, nothing to do with 2FA)