Legacy TOTP authenticators on an account will still be considered and will block / fail for users when TOTP is globally disabled #7213
Labels
priority/4/normal
Normal priority items
priority/6/very-low
Very Low priority items
status/needs-information
Needs more information
type/bug/unconfirmed
Unconfirmed Bugs
Version
v4.38.8
Deployment Method
Other
Reverse Proxy
Traefik
Reverse Proxy Version
?
Description
If a user previously had a TOTP authenticator attached to their account, when TOTP is globally disabled via config they are still treated as existing on the account and can be selected as an authentication option; however, they just stall at loading screens, locking out users.
Reproduction
See description
Expectations
TOTP authenticators should not be considered as existing when TOTP is globally disabled, allowing users to only use remaining options, or action the initial "add a device" workflow if it is the only attached option to the account.
Configuration (Authelia)
No response
Build Information
seriously?
Logs (Authelia)
seriously?
Logs (Proxy / Application)
No response
Documentation
No response
Pre-Submission Checklist
I agree to follow the Code of Conduct
This is a bug report and not a support request
I have read the security policy and this bug report is not a security issue or security related issue
I have either included the complete configuration file or I am sure it's unrelated to the configuration
I have either included the complete debug / trace logs or the output of the build-info command if the logs are not relevant
I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the Troubleshooting Sanitization reference guide
I have checked for related proxy or application logs and included them if available
I have checked for related issues and checked the documentation