Can't disable 2fa

Yeah, this is just a problem with security keys. Hitting the Disable button on the main Second Factor management page of your user profile only disables Token-based Authenticators when it should be disabling all of the Second Factor methods.

Noting that you can disable the keys by selecting the little pencil icon button next to the key name and hitting the trash can button on the modal:
Screen Shot 2020-08-11 at 10.15.48 AM

I’ve had this bug on my list for a while, so this is my fault for dropping the ball. I think one thing that happened was that I saw this and didn’t look close enough:

https://github.com/discourse/discourse/pull/10144

I thought it likely fixed the issue and intended to prove that out, but I never got around to it. The above fix was from the admin perspective. I think the fix from the user perspective should be very similar. In any case, I’ll be sure to get a fix in the pipeline this week.

7 Likes