While setting up and testing the built-in one-time code functionality, I stumbled upon an error message, given via panel interface. When the totp token was created earlier and a user now needs to recreate it, they need to remove the current configuration in a first step. When the user clicks the button Disable one-time codes in their account page, it’s answered with the error message: Could not find Panel view for route: dialogs/account/totp/disable
I tested a couple releases to find out when this behavior changed, and I can see the expected confirmation dialog until Kirby 5.0.4. The error occurs from version 5.1.0 and onwards.
Manually removing the totp key and its value from the account’s .htpasswd file allows the user to configure it again, because the dialog for enabling one-time codes does work.
Since I used the default examples and options from the documentation, I wonder where to start looking for a fix.
Did you manage to fix it? I also have a similar issue.
On top of that, swapping back to not requiring the auth breaks login attempts… So basically users can’t log in anymore, even with the correct password. Re-activating the challenge didn’t solve the issue; I’m locked out of my panel.
I couldn’t find a bug report on GitHub (at least not at first glance). Maybe you can create an issue on GitHub with steps to reproduce, so this doesn’t get lost?
@cbtr I could not fix it. Since I didn’t use the feature in production before, it currently lives only in my development environment.
I’m not sure if I understand what you’re describing. I remember being locked out despite a correct password and deactivated 2fa, while fiddling around and testing user accounts. But I think it had to do with the trials being counted in the .login file and the same IP address being used, colliding with some logic. Lowering the count there or increasing the threshold in the config file helped me. What you observe might be a different issue?
@texnixe
I thought about it but haven’t created one yet.
Since version 5.2.0 was released (and now even 5.2.2), I wanted to test and include these in my description before posting it.
Thanks for the reminder and encouragement!
I’ll see when I can add a report.
@squiggly thanks for your reply. I also tried to modify the threshold for login attempts, but it didn’t help. What ultimately worked was to delete the user folders; thanks to the backup I had, I could restore access.
After enabling 2FA and setting up the OTP at user level, the user’s .htpasswd is modified to integrate the OTP key, but once 2FA is disabled via the config.php file, the .htpasswd doesn’t revert back. If the Could not find Panel view for route: dialogs/account/totp/disable error is fixed, maybe the file would revert correctly and the user could log in again.