2FA not completely restored after disaster recovery

[nrauso]

After a disaster recovery procedure, the 2FA feature is enabled but not honored for NS users (both privileged and normal).

Steps to reproduce

• Enable 2FA for NS users;
• Restore system with disaster recovery procedure;
• Check if 2FA works.

Expected behavior

2FA should works as before.

Actual behavior

2FA is configured but not honored.

This happens because 2FA config files (/etc/nethserver/otp.secret,/etc/nethserver/cockpit.otp.force and /etc/nethserver/sshd.otp.force) are empty or inexistent.
The workaround is to run:

signal-event otp-save

Components

• nethserver-backup-data-1.7.1-1.ns7.noarch
• nethserver-restore-data-2.0.6-1.ns7.noarch

[stephdl]

how solve this ?

drop an action to trigger otp-save, do you know what is the event name of the disaster recovery

[gsanchietti]

how solve this ?

Just expand all required templates inside the post-restore-config or post-restore-data event:
https://docs.nethserver.org/projects/nethserver-devel/en/latest/events.html#standard-events-and-their-arguments

[stephdl]

post-restore-config maybe better associated, thank

[nrauso]

But 2FA users files are in backup-data, not in backup-config: @stephdl you should handle the connected events inside the post-restore-data, shouldn't you?

[nethbot]

in 7.7.1908/testing:

• nethserver-openssh-1.5.1-1.1.g34343e6.ns7.noarch.rpm x86_64 armhfp aarch64

[nethbot]

in 7.7.1908/testing:

• nethserver-cockpit-1.6.0-1.1.g85c1605.ns7.noarch.rpm x86_64 armhfp aarch64
• nethserver-cockpit-lib-1.6.0-1.1.g85c1605.ns7.noarch.rpm x86_64 armhfp aarch64

[gsanchietti]

Test case

• Check the bug is not reproducible

[nrauso]

Tested: VERIFIED

All configured 2FA are now correctly restored.

[nethbot]

in 7.7.1908/updates:

• nethserver-openssh-1.5.2-1.ns7.noarch.rpm x86_64 armhfp aarch64

[nethbot]

in 7.7.1908/updates:

• nethserver-cockpit-1.6.1-1.ns7.noarch.rpm x86_64 armhfp aarch64
• nethserver-cockpit-lib-1.6.1-1.ns7.noarch.rpm x86_64 armhfp aarch64