Associated Accounts disabled when secondFactor is enabled

For some reason I do not understand, Discourse does not allow users to connect or manage already connected external accounts (for example an associated Discord account). The Discourse code appears to use the following logic to determine whether or not a user can update their associated accounts:

    secondFactorEnabled,
    canCheckEmails,
    isAnonymous
  ) {
    if (secondFactorEnabled || !canCheckEmails || isAnonymous) {
      return false;
    }
    return findAll().length > 0;

Why is secondFactorEnabled a variable that is considered here?

My users are very confused as they’ve ended up in a bizarre situation. They signed up for an account on our website, associated their account with a Discord account in order to gain access to our Discord server, and then enabled 2Factor authentication on their account. After doing so, the whole “Associated Accounts” section disappeared from their account page! They are no longer able to see or manage their associated account as long as 2Factor is enabled.

We have another user who was very confused because they created their account and enabled 2Factor and were unable to follow our instructions for adding an associated account because the entire “Associated Accounts” section never showed up for them in the first place.

The only thing these two users have in common compared to other users without the issue is that they both have 2Factor enabled.

I would like to provide my users with the option to both have 2Factor enabled on their forum account and to be able to associate their account with a Discord account.

I’m filing this under the #support category, but I’m not sure if this is actually a #bug. Either way, it seems there is no workaround without code changes to Discourse.

1 Like