Command line disable Two Factor Authentication

Hello everyone,
I have mistake that i delete Google Authentication Discourse on Mobile so Now i can’t login to Discourse.
My question is … Can we disable Two Factor Authentication by command line SSH ?
Thank you!

1 Like

What happened to your backup codes?

I delete my Google authentication

And i don’t save backup code

Yes, you can do this by updating the enforce_second_factor site setting to “no”. Enter the rails console and run:

 SiteSetting.enforce_second_factor = "no"

The available options for that setting are “no”, “staff”, and “all”.

3 Likes

I want to disable two factor authentication all of account Discourse

I am a newbie, and have the same problem. I deleted Factor Authentication on my phone without saving the backcode.
Currently I cannot log in to the admin. Currently, I have no other staff to disable it from dasboard.
Can anyone explain more about how to use this command ?:

Thanks you

You need SSH terminal access to the server that Discourse is running on to proceed. Do you have that?

Yes, I have it, but I don’t know how with that command. Need to go to the Rails console? In fact, I don’t know how Rails works.

To access the rails console, ssh into your server. To do that, open a terminal on your computer and run:

ssh root@<your_forum_ip_address>

Replace <your_forum_ip_address> with the IP address of your Discourse site.

If that command is successful, you will see a prompt that looks something like this. Your IP address, or droplet name will be displayed instead of the word testeleven:

root@testeleven:~#

Type cd /var/discourse and hit your enter key.

Now type ./launcher enter app and hit the enter key.

You should see a prompt that ends with something similar to this: /var/www/discourse#

At that prompt, type rails c and hit your enter key. You should now see a prompt that looks similar to this: pry(main)> . This is the rails console.

To disable forced second factor authentication, type SiteSetting.enforce_second_factor="no" and hit your enter key.

To exit the SSH session, you will need to enter the word exit into the terminal three times. The first time is to exit the rails console, the second time is to exit the docker container, the third time is to exit the SSH session.

5 Likes

Thanks, the instructions are very clear and detailed. I did the following, but still required 2-factor authentication when logging in. Do not know where is wrong?

root@hoi-dap:/var/discourse# ./launcher enter app
root@hoi-dap-app:/var/www/discourse# rails c
[1] pry(main)> SiteSetting.enforce_second_factor='no'
=> "no"
[2] pry(main)> exit
root@hoi-dap-app:/var/www/discourse# exit
logout

Sorry, setting SiteSetting.enforce_second_factor = "no" will not solve your problem. You need to remove the second factor record for your user.

To do that, enter the rails console, then you need to find your user ID. To do that run:

id  = User.find_by(username: '<your_username>').id

Replace <your_username> with your Discourse username. Make sure to keep the quotation marks. When you run the command, you should see a number returned. That number is your user ID. It has been assigned to the variable id.

Then you need to find the UserSecondFactor record that is associated with your user. This command uses the id variable that you set with the first command:

second_factor = UserSecondFactor.find_by(user_id: id)

When you run that command, you should see some output in the console that shows your second factor record.

Now destroy the record:

second_factor.destroy

You can exit the console after running that command. You should be able to login to your site after running it.

Let us know if you have any problems with this.

5 Likes

Thanks so much, it works great.
However, I did not use the command second_factor.destroy. Instead, I took the data field to manually enter the Authenticator to recreate the two-factor authentication code.
Yes, it worked perfectly. For added security, I will recreate the new validator.
Thanks you.

1 Like