I have mistake that i delete Google Authentication Discourse on Mobile so Now i can’t login to Discourse.
My question is … Can we disable Two Factor Authentication by command line SSH ?
What happened to your backup codes?
Yes, you can do this by updating the
enforce_second_factor site setting to “no”. Enter the rails console and run:
SiteSetting.enforce_second_factor = "no"
The available options for that setting are “no”, “staff”, and “all”.
I am a newbie, and have the same problem. I deleted Factor Authentication on my phone without saving the backcode.
Currently I cannot log in to the admin. Currently, I have no other staff to disable it from dasboard.
Can anyone explain more about how to use this command ?:
You need SSH terminal access to the server that Discourse is running on to proceed. Do you have that?
Yes, I have it, but I don’t know how with that command. Need to go to the Rails console? In fact, I don’t know how Rails works.
To access the rails console, ssh into your server. To do that, open a terminal on your computer and run:
<your_forum_ip_address> with the IP address of your Discourse site.
If that command is successful, you will see a prompt that looks something like this. Your IP address, or droplet name will be displayed instead of the word
cd /var/discourse and hit your enter key.
./launcher enter app and hit the enter key.
You should see a prompt that ends with something similar to this:
At that prompt, type
rails c and hit your enter key. You should now see a prompt that looks similar to this:
pry(main)> . This is the rails console.
To disable forced second factor authentication, type
SiteSetting.enforce_second_factor="no" and hit your enter key.
To exit the SSH session, you will need to enter the word
exit into the terminal three times. The first time is to exit the rails console, the second time is to exit the docker container, the third time is to exit the SSH session.
Thanks, the instructions are very clear and detailed. I did the following, but still required 2-factor authentication when logging in. Do not know where is wrong?
root@hoi-dap:/var/discourse# ./launcher enter app root@hoi-dap-app:/var/www/discourse# rails c  pry(main)> SiteSetting.enforce_second_factor='no' => "no"  pry(main)> exit root@hoi-dap-app:/var/www/discourse# exit logout
SiteSetting.enforce_second_factor = "no" will not solve your problem. You need to remove the second factor record for your user.
To do that, enter the rails console, then you need to find your user ID. To do that run:
id = User.find_by(username: '<your_username>').id
<your_username> with your Discourse username. Make sure to keep the quotation marks. When you run the command, you should see a number returned. That number is your user ID. It has been assigned to the variable
Then you need to find the
UserSecondFactor record that is associated with your user. This command uses the
id variable that you set with the first command:
second_factor = UserSecondFactor.find_by(user_id: id)
When you run that command, you should see some output in the console that shows your second factor record.
Now destroy the record:
You can exit the console after running that command. You should be able to login to your site after running it.
Let us know if you have any problems with this.
Thanks so much, it works great.
However, I did not use the command
second_factor.destroy. Instead, I took the data field to manually enter the Authenticator to recreate the two-factor authentication code.
Yes, it worked perfectly. For added security, I will recreate the new validator.