Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lost keys when upgrading to 4.x whilst using proxy header authentication #176

Closed
RichyHBM opened this issue Apr 16, 2023 · 6 comments
Closed

Lost keys when upgrading to 4.x whilst using proxy header authentication #176

RichyHBM opened this issue Apr 16, 2023 · 6 comments
Labels
bug Something isn't working

Comments

@RichyHBM
Copy link

RichyHBM commented Apr 16, 2023
edited
Loading

Describe the bug
Upgrading to 4.0 caused me to lose all my authenticators due to email changing when using
AUTHENTICATION_GUARD=reverse-proxy-guard
AUTH_PROXY_HEADER_FOR_USER=HTTP_REMOTE_USER

From what I can tell in the account page, my email changed from fake.email@do.not.use in 3.x to admin@remote on 4.x

To Reproduce
Steps to reproduce the behavior:

  1. Using Proxy auth header, on 3.4.x add some keys
  2. Upgrade to 4.x
  3. Open and notice no keys shown

Expected behavior
Migration should keep details

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. iOS] Windows
  • Browser [e.g. chrome, safari] Chrome/Brave
  • Version [e.g. 22] 4.0.1

Additional context
Add any other context about the problem here.
@RichyHBM
Copy link
Author

For anyone seeing similar issue, to fix it manually I had to open the sqlite file in an editor and set the user_id column on the keys to the user id of your account

@Bubka
Copy link
Owner

Bubka commented Apr 17, 2023

Hi,
You speak about security keys I guess?
If so, having no security key after upgrade is the expected situation.

From the change log/release notes:

2FAuth uses a new component to operate the WebAuthn authentication that cannot use existing registrations of your security devices. As a consequence, all your security devices will be revoked and the "Use Webauthn only" option will be disabled during the upgrade to avoid any issue and/or lockout. You will have to sign in using your email and password to re-register you security devices.

@pwlgrzs
Copy link

pwlgrzs commented Apr 17, 2023

For anyone seeing similar issue, to fix it manually I had to open the sqlite file in an editor and set the user_id column on the keys to the user id of your account

That worked, thank you!

@Bubka
Copy link
Owner

Bubka commented Apr 17, 2023

@RichyHBM @pwlgrzs Before upgrading, did you ever created an account in your 2Fauth instance (using the registration form) or did you started using it directly with the remote user setup?

@pwlgrzs
Copy link

pwlgrzs commented Apr 17, 2023

I think the setup running now was straight remote user, but I cannot recall anymore :<

@Bubka
Copy link
Owner

Bubka commented Apr 17, 2023

I was able to reproduce, I think this is this condition that leads to the situation.
The fix suggested by Richy is ok but should be extended to the groups table if you use them. I'm working on a fix right now.

@Bubka Bubka added the bug Something isn't working label Apr 17, 2023
@Bubka Bubka moved this from Todo to In Progress in 2FAuth backlog Apr 17, 2023
@Bubka Bubka closed this as completed in a584c21 Apr 19, 2023
@github-project-automation github-project-automation bot moved this from In Progress to Done in 2FAuth backlog Apr 19, 2023
@Bubka Bubka moved this from Done to Released in 2FAuth backlog Apr 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
2FAuth backlog
Status: Released
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Bubka @RichyHBM @pwlgrzs