2FA active but does not check second factor for successful logins
Description
I had activated 2FA for my only user for some time now; initially, logging in required a second factor (as it should). However, for several versions now, no second factor is asked for and login succeeds with user and password.
In the administrative settings, my user is flagged as 2FA active; in the user settings, 2FA is flagged as activated. I can deactivate and reactivate (and link my 2FA app again) but to no avail. Login does not require and does not ask for a second factor.
Adding a new user and activating 2FA works like it should: logins require a second factor. I am quite unsure where to look for an error.
Gitea Version
1.24.5 (and prior)
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
https://gist.github.com/ypsilonkah/73dceeb75d30464130efe17da9d47e5f
Screenshots
No response
Git Version
https://gist.github.com/ypsilonkah/73dceeb75d30464130efe17da9d47e5f
Operating System
docker / ubuntu
How are you running Gitea?
Gitea is run via docker compose (image: gitea/gitea:latest); mysql as database container.
Database
MySQL/MariaDB
I found the issue, I think. I have set up authentication via AUTHENTIK and had "Skip local 2FA" checked. When unchecking, standard logins require 2FA keys again. However, login via authentik/sso also requires the second 2FA from Gitea.
Login -> Authentik -> Authentik credentials + Authentik 2FA -> Gitea 2FA -> successful login
I think this behavior is faulty.
Edit: Currently, I am on version 1.25.0