two factor backup codes are enabled, confirming a new email address fails with this error:
Oops The software powering this discussion forum encountered an unexpected problem. We apologize for the inconvenience. Detailed information about the error was logged, and an automatic notification generated. We'll take a look at it. No further action is necessary. However, if the error condition persists, you can provide additional detail, including steps to reproduce the error, by posting a discussion topic in the site's feedback category.
This happens across multiple Discourse setups, so, isn’t specific to one.
Turning off the
two factor backup codes feature resolves the issue, and email verification goes through fine.
Full steps to reproduce the issue:
- Start with an account on any Discourse (can use https://try.discourse.org/ for testing)
- Setup 2FA with TOTP (I have not tested with physical security keys)
- Change email on your account
- Click on verification email sent to the new email inbox. Notice that the verification goes through.
two factor backup codeson your 2FA settings.
- Change email on account again.
- Click on verification email sent to the newest email inbox. Notice that the verification fails with the error noted earlier.
- Turn off
two factor backup codes.
- Change email again.
- Click on the verification email sent to the newest address.
- You will be asked to enter the TOTP code.
- This time the verification of the newest email goes through fine.