OTP Two Factor in nextcloud broken after upgrade

I just upgraded to the latest 27.1.4 and all went well. There is one user that was using 2FA and he was getting a message “Could not load one module while trying…”. His 2FA was working fine via mobile device and OTP. The user decided to remove 2FA from security and enforce it back, thinking it would clear the error message he was getting.

After turning OFF 2FA for his account, he logged off, and when trying to log in he gets this message: “Could not load at least one of your enabled two-factor auth methods. Please contact your admin.” and is prompted for a backup code. He does have backup codes but none of them is working. Once a backup code is entered and he clicks on login, the software says “Error while validating your second factor” and he cannot log in.

It appears that the setting is stuck even though he removed it from config.

How can he gain access back? The admin account is working fine

Thanks,

This thing is broken. Basically, if a user enables 2FA for a test, he/she cannot abandon it back. After the user turned off 2FA from his security settings, I (as an admin) tried to remove the apps for OTPT and two way auth via nextcloud notification, rebooted the server, and the user still gets asked for backup codes and cannot log in with his password only.

BTW, I have not enforced these for users, so it is optional so far.

Had a snapshot of the server status before I started the upgrade and reverted to that. All is working fine now but the lesson learned is that users cannot turn off their 2FA if they choose to, otherwise they won’t be able to login.

Not sure if this is a known bug and if there’s any work to fix this.

I tried this test where I removed the “Two way authentication with Nextcloud notification” app and tried to install it back, and got a warning that this is designed for sqlite and mysql databases only. My db is PostgreSQL. It accepts its installation and works ok, but I think this may be the reason for the above behavior?

Thanks,

Hi @ddywz,
You are missing the required support template. Please fill this form out and edit into your post.

This will give us the technical info and logs needed to help you! Thanks.

Sure, here is the info for the template:

Nextcloud version (eg, 26.0.1): 27.1.4
Operating system and version (eg, Ubuntu 22.04): Ubuntu 20.04.6 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.41
PHP version (eg, 8.1): 8.1
Database (sqlite or MariaDB or Postgres): PostgreSQL
Docker (compose): N/A
Snap: N/A
Is this the first time you’ve seen this error? yes
The issue you are facing:

Steps to replicate it:

1. User turns ON 2FA and things work fine.
2. User turns OFF 2FA, logs out and logs back in expecting to use only the password.
3. User unable to log in with password. Logged back in (used backup codes to get back in) and enabled 2FA again.

The output of your Nextcloud log in Admin > Logging:

[core] Error: 1 two-factor auth providers failed to load
POST /index.php/login/challenge/twofactor_nextcloud_notification
from IP_address by username at 2023-11-27T22:01:41+00:00
[core] Error: two-factor auth provider ‘u2f’ failed to load
POST /index.php/login/challenge/twofactor_nextcloud_notification
from IP_address by username at 2023-11-27T22:01:41+00:00

The output of your config.php file in /path/to/nextcloud
(use https://.../settings/admin/support which auto-removes identifying information!):

Server configuration detail

Operating system: Linux 5.4.0-167-generic #184-Ubuntu SMP Tue Oct 31 09:21:49 UTC 2023 x86_64

Webserver: Apache/2.4.41 (Ubuntu) (fpm-fcgi)

Database: pgsql PostgreSQL 13.13 (Ubuntu 13.13-1.pgdg20.04+1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0, 64-bit

PHP version: 8.1.25

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, Reflection, SPL, session, standard, sodium, cgi-fcgi, PDO, xml, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, intl, ldap, exif, pdo_pgsql, pgsql, Phar, posix, readline, redis, shmop, SimpleXML, smbclient, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache

Nextcloud version: 27.1.4 - 27.1.4.1

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

List of activated apps

Enabled:

  • activity: 2.19.0
  • admin_audit: 1.17.0
  • analytics: 4.11.1
  • announcementcenter: 6.7.0
  • appointments: 1.15.4
  • bruteforcesettings: 2.7.0
  • calendar: 4.5.3
  • camerarawpreviews: 0.8.2
  • checksum: 1.2.2
  • circles: 27.0.1
  • cloud_federation_api: 1.10.0
  • collectives: 2.9.1
  • comments: 1.17.0
  • contacts: 5.4.2
  • contactsinteraction: 1.8.0
  • cookbook: 0.10.2
  • dashboard: 7.7.0
  • dav: 1.27.0
  • drawio: 2.1.4
  • duplicatefinder: 1.1.4
  • event_update_notification: 2.2.0
  • federatedfilesharing: 1.17.0
  • federation: 1.17.0
  • files: 1.22.0
  • files_automatedtagging: 1.17.0
  • files_markdown: 2.4.1
  • files_pdfviewer: 2.8.0
  • files_reminders: 1.0.0
  • files_rightclick: 1.6.0
  • files_sharing: 1.19.0
  • files_trashbin: 1.17.0
  • files_versions: 1.20.0
  • firstrunwizard: 2.16.0
  • forms: 3.3.1
  • geoblocker: 0.5.11
  • gpxpod: 5.0.13
  • integration_openstreetmap: 1.0.6
  • logreader: 2.12.0
  • lookup_server_connector: 1.15.0
  • mail: 3.4.4
  • maps: 1.1.1
  • metadata: 0.19.0
  • news: 24.0.0
  • nextcloud_announcements: 1.16.0
  • notes: 4.8.1
  • notifications: 2.15.0
  • oauth2: 1.15.1
  • password_policy: 1.17.0
  • phonetrack: 0.7.6
  • photos: 2.3.0
  • polls: 5.4.2
  • privacy: 1.11.0
  • provisioning_api: 1.17.0
  • quota_warning: 1.17.0
  • recommendations: 1.6.0
  • registration: 2.2.0
  • related_resources: 1.2.0
  • richdocuments: 8.2.3
  • richdocumentscode: 23.5.503
  • serverinfo: 1.17.0
  • settings: 1.9.0
  • sharebymail: 1.17.0
  • side_menu: 3.11.2
  • spreed: 17.1.3
  • support: 1.10.0
  • survey_client: 1.15.0
  • suspicious_login: 5.0.0
  • systemtags: 1.17.0
  • tasks: 0.15.0
  • text: 3.8.0
  • theming: 2.2.0
  • twofactor_backupcodes: 1.16.0
  • twofactor_nextcloud_notification: 3.8.0
  • twofactor_totp: 9.0.0
  • updatenotification: 1.17.0
  • user_status: 1.7.0
  • viewer: 2.1.0
  • weather_status: 1.7.0
  • workflowengine: 2.9.0

Disabled:

  • encryption
  • files_external
  • user_ldap

Configuration (config/config.php)

{
    "instanceid": "REMOVED SENSITIVE VALUE",
    "passwordsalt": "REMOVED SENSITIVE VALUE",
    "secret": "REMOVED SENSITIVE VALUE",
    "trusted_domains": [
        "my_domain",
        "internal_IP"
    ],
    "datadirectory": "REMOVED SENSITIVE VALUE",
    "dbtype": "pgsql",
    "version": "27.1.4.1",
    "overwrite.cli.url": "http://my_nextcloud_domain",
    "dbname": "REMOVED SENSITIVE VALUE",
    "dbhost": "REMOVED SENSITIVE VALUE",
    "dbport": "removed",
    "dbtableprefix": "oc_",
    "dbuser": "REMOVED SENSITIVE VALUE",
    "dbpassword": "REMOVED SENSITIVE VALUE",
    "installed": true,
    "memcache.local": "\OC\Memcache\Redis",
    "memcache.locking": "\OC\Memcache\Redis",
    "redis": {
        "host": "REMOVED SENSITIVE VALUE",
        "port": 6379
    },
    "default_phone_region": "US",
    "enable_previews": true,
    "enabledPreviewProviders": [
        "OC\Preview\PNG",
        "OC\Preview\JPEG",
        "OC\Preview\GIF",
        "OC\Preview\BMP",
        "OC\Preview\XBitmap",
        "OC\Preview\Movie",
        "OC\Preview\PDF",
        "OC\Preview\MP3",
        "OC\Preview\TXT",
        "OC\Preview\MarkDown"
    ],
    "filesystem_check_changes": 0,
    "log_rotate_size": 104857600,
    "simpleSignUpLink.shown": false,
    "mail_smtpmode": "smtp",
    "mail_smtpsecure": "ssl",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "REMOVED SENSITIVE VALUE",
    "mail_domain": "REMOVED SENSITIVE VALUE",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtpauth": 1,
    "mail_smtphost": "REMOVED SENSITIVE VALUE",
    "mail_smtpport": "465",
    "mail_smtpname": "REMOVED SENSITIVE VALUE",
    "mail_smtppassword": "REMOVED SENSITIVE VALUE",
    "maintenance": false,
    "updater.release.channel": "stable",
    "theme": "",
    "loglevel": 0
}

Cron Configuration: Array
(
[backgroundjobs_mode] => cron
[lastcron] => 1701124202
)

External storages: files_external is disabled

Encryption: no

User-backends:

OC\User\Database

Talk configuration:

STUN servers

no custom server configured

TURN servers

no custom server configured

Signaling servers (mode: default):

no custom server configured

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0

For Docker/Podman list environment variables (run “docker inspect {container name}”)

No Docker

The output of your Apache/nginx/system log in /var/log/____:
For Docker/Podman post STDOUT of the container (run docker logs {container name})

N/A

errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors.

PASTE HERE