Possible to disable two-factor when two-factor enforced #24939
Labels
0. Needs triage
Pending check for reproducibility or if it fits our roadmap
enhancement
feature: authentication
How to use GitHub
Steps to reproduce
Expected behaviour
It should not be possible to disable two-factor auth when two-factor auth is enforced.
Actual behaviour
Two-factor is disabled without warning, and the user is locked out of their account unless they have a recovery key.
Server configuration
Operating system: OpenSUSE Leap 15.2
Web server: Nginx 1.19.6
Database: mariadb 10.5
PHP version: 7.4.13
Nextcloud version: 20.0.4
Updated from an older Nextcloud/ownCloud or fresh install: Upgraded
Where did you install Nextcloud from: Docker
Signing status:
Signing status
No errors have been found.
List of activated apps:
App list
Enabled:
Disabled:
Nextcloud configuration:
Config report
Are you using external storage, if yes which one: no
Are you using encryption: no
Are you using an external user-backend, if yes which one: no
Client configuration
Browser: Firefox
Operating system: OpenSUSE Tumbleweed
The text was updated successfully, but these errors were encountered: