2fa can be disabled for staff + superusers that don't have a TOTP device set up, but as soon as you enable 2fa, you're stuck with it for that user (in the sense that it cannot be disabled programmatically).
Not a big hassle for development purposes, as you can just create a new superuser for testing out 2fa. However, it's not intuitive and should be either fixed or documented at some point.
You can also delete the TOTP/WebAuthn device in the admin for that user and then everything works as expected again.
I'm a little bit hesitant about special-casing this in the login flow since it introduces a risk for potential security issues if mistakes are made in how this is handled.