2fa cannot be enabled after a couple users enabled it before

[dvdfabian]

Hello,

we've decided to force 2fa for all the syspass users in the company. Some users, however, started complaining that they cannot enable 2fa in the profile settings. They toggle the switch, scan the QR code and write down the verification code. After hitting save, they get the green bar "preferences saved" but 2fa gets immediatelly disabled again and a new QR code is displayed.

I have tracked the problem down to a DB schema deficiency. The column plugin_data under the table plugins is defined as VARBINARY(5000). Since each user settings consumes about 600B (recovery codes take a lot), after about 8-10 users one hits the column size limit and all successive MySQL save queries start to fail. The problem is even more anoying since if the query fails, the exception is turned into false return in savePluginUserData and the user only gets one green bar instead of two (but no error message). So he/she is unaware of the saving problem. The solution at the moment was to update the column definition to VARBINARY(32768) but this is only a short-term solution. As the number of users can grow to hundreds, this storage schema will not scale (since VARBINARY is capped to 65k, I believe).

sidenote: Why is there a use2fa field under the usrData table which is always set to 0 when there is a complete settings under plugins?

Best regards,

David Fabian

[nuxsmin]

Hello,

I totally agree with you, and this is obviously a design error. I'll analyze which changes need to be made to get a working long term behavior.

Good work! Thanks for the feedback ;)

Best regards

[nuxsmin]

sidenote: Why is there a use2fa field under the usrData table which is always set to 0 when there is a complete settings under plugins?

A time ago, this plugin/feature was included within sysPass code, so there were some shared data that were stored in several tables. Currently, every plugin must contain its own data model and store it in the same table.

BR

[nuxsmin]

Solved ;)