How to reset 2FA?
lev-apeiros opened this issue · 11 comments
What is the way to reset the 2FA for admin account from the DB?
@lev-apeiros run
docker exec -it <app-name> /app/bin/rails r "User.update_all(otp_secret: nil, otp_required_for_login: false)"
get app-name via docker ps
I didn't mention, but the application is running on Google Cloud Run.
@lev-apeiros you can also reset it via SQL:
UPDATE users SET otp_secret = NULL, otp_required_for_login = false;
Google Cloud Run is a fully managed service and there is no way to run commands on the container.
Is there a flag I can pass when deploying the image to temporarily disable 2FA?
This happened when I created a different environment for docuseal and enabled 2FA there - it just overwritten my previous seed and now I'm stuck out of production environment.
@lev-apeiros you should be able to connect to the database and run the UPDATE query
Also use Environment variable to configure the app sincegoogle cloud run doesn't provide a persistant storage:
https://www.docuseal.co/docs/configuring-docuseal-via-environment-variables
It is configured to use Google Cloud Storage as the storage.
I also tried to manually download db.sqlite3, edit the users table and upload again, but looks like it has no impact.
@lev-apeiros afaik db.sqlite3 will be removed on google lcoud run app restart since it doesn't provide a persistant storage
you need to connect to a persistant postgresql DB via ENV variables - your current google cloud run setup seems to be not viable.
Google Cloud Run provides a persistent storage by mounting a volume that is mapped to Google Cloud Storage bucket.
I think there must be a way for an administrator to be able to reset other users 2FA. What do you think?
We were able to remove the user that lost the 2FA seed and add it again, but for some reason they still asked to write the 6-digits code after password reset.
@lev-apeiros yeah i think we need to allow admins to reset 2fa of the users - looks like there are no easy ways to do it via google cloud run where everything is isolated. We will make it possible in the next release
@lev-apeiros we decided to not allow users reset 2FA - for on-premise users it's possible just to update a column in the DB to reset 2FA, for Cloud users they need to email support@ and provide enough evidences so that we can reset their 2FA