2 Factor enabled but can still log in without code

[phess1]

Steps to reproduce

1.Enable 2 factor
2.Send email with QR code to user
3.User adds account to Google Authenticator app
4. User can log in without the 2FA code as well as with it

Expected behaviour

Tell us what should happen
User should have to put in the 2FA code at the teampass login screen

Actual behaviour

Tell us what happens instead
User is logged in without 2FA code

Server configuration

Operating system:
Ubuntu 14.04
Web server:
Apache 2.4.20
Database:
MySQL 5.5.25a
PHP version:
5.6.23
Teampass version:
2.1.26
Updated from an older Teampass or fresh install:
Fresh install

Client configuration

Browser:
Chrome
Operating system:
Sierra

Logs

Web server error log

Insert your webserver log here

Firebug log (How to?)

Insert the Firebug log here

[madjuran]

+1
I tried on centos and debian os, with different versions of mysql/php/apache/browsers, and I tried to add field to database according to the first comment in #1407 issue, so I update database with insert query:
INSERT INTO teampass.teampass_misc (type, intitule, valeur) VALUES ('admin', '2factors_authentication', '1'); but everything is the same.

[nilsteampassnet]

Correct.

Bug introduced with the changes performed in admin tabs.

Quick patch:

• open /sources/identify.php
• replace

if (isset($_SESSION['settings']['google_authentication']) && $_SESSION['settings']['2factor_authentication'] == 1 && $username != "admin") {

by

if (isset($_SESSION['settings']['google_authentication']) && $_SESSION['settings']['google_authentication'] == 1 && $username != "admin") {

[phess1]

This worked. Thank you.

[madjuran]

+1
Thank you.

[qubez]

Oops. Was fixed here, I searched all files and replaced, but again the github client seems to randomly miss lines.