If you’ve locked yourself out of your Discourse instance with an invalid Discourse Connect (SSO) configuration, append /u/admin-login to the end of your forum’s root URL:
https://discourse.example.com/u/admin-login
This will take you to an admin login page:
Enter your admin email address and click Send Email . There is also a Safe Mode
You’ll be sent an email with a login link that circumvents Discourse Connect and read-only mode, allowing you to login as needed.
Alternative method requiring console access
Disable Discourse Connect
cd /var/discourse
./launcher enter app
rails c
irb > SiteSetting.enable_discourse_connect = false
irb > SiteSetting.enable_local_logins = true
irb > exit
exit
Disable read-only mode
cd /var/discourse
./launcher enter app
rails c
irb > Discourse.disable_readonly_mode(Discourse::USER_READONLY_MODE_KEY)
irb > exit
exit
Last edited by @hugh 2024-07-30T05:41:29Z
Last checked by @hugh 2024-07-30T05:41:34Z
Check document Perform check on document:
18 Likes
nory
January 14, 2023, 8:39pm
6
Hi, I can’t access to my forum.
I have enabled read-only mode but now I can’t access to admin.
When I go to “/u/admin-login” and I insert my admin email, I receive this error:
“{“errors”:[“The site is in read only mode. Interactions are disabled.”],“error_type”:“read_only”} ”
And also via console access it doesn’t work
How can I resolve?
Thank you in advance
2 Likes
I think you can run this in the rails console to turn it off:
Moin
June 13, 2025, 6:37am
10
Does it? When I enter my email and click Send email , I see:
The site is in read only mode. Interactions are disabled.
And no email is sent.
3 Likes
Thanks for the report @Moin , that should fix it (once and for all
main ← fix-readonly-take-2
merged 07:08AM - 10 Jul 25 UTC
The reasons for these changes is https://meta.discourse.org/t/-/89605 broke and … admins were not able to log back in if they had previously enabled the "read only" mode.
Thus ensued a deep dive into how all the "read only" modes worked, which was made difficult due to the lack of tests.
The "cornerstone" of this PR is the `read_only_mixin.rb` file which was improved to be able to differentiate between the "readonly" mode and the "staff writes only" mode.
I then made use of the `allow_in_readonly_mode` and `allow_in_staff_writes_only_mode` method to **explicitely** list all the actions that should work in those modes.
I also added the "readonly" mixin to the `WebhooksController` since it doesn't inherit from the `ApplicationController`.
I improved the security of the `/u/admin-login` endpoint by always sending the same message no matter if we found or not an admin account with the provided email address.
I added two system specs:
1. for ensuring that admins can log in via /u/admin-lgoin and then clicking the link in the email they received while the site is in readonly mode.
2. for ensuring the "staff writes only mode" is _actually_ tested by ensuring a moderator can log in and create a topic while the site is in that mode.
Plenty of specs were updated to ensure 100% converage of the various "read only" modes.
5 Likes
Very useful!
2 Likes
This guide explains how to log back into Discourse as an admin when you have been locked out.
Required user level: Administrator
If you have 2-factor authentication enabled you’ll still have to enter your auth code.
)