We’re integrating Rocket.Chat with our platform, creating chat accounts with the same login and password users have in our system. Subsequently, when a user’s password is changed in our system, we need to update the chat account password as well - but we’re not able to do so, we are getting the “TOTP Required [totp-required]” error.
The documentation states that “Edit Other User Password” permission is required, administrator has such permission of course. We’re not sure if it’s a good idea to set such permission for a user though, sounds like they’ll be able to change each others’ password then; still we tried granting such permission and nothing has changed. Anyway, we’re using REST API from an administrator user, they create accounts successfully, unable to change passwords though.
Do you think this may be a bug and submitting a bugreport may help?
Thank you for all the help.
reetp
September 16, 2021, 12:09pm
igor-afterlogic:
[totp-required
Hmm - it probably isn’t a bug.
Search github for the error.
That will lead you to these.
opened 08:58AM - 08 Sep 20 UTC
closed 08:58AM - 08 Sep 20 UTC
### Description:
The new version 3.6.0 is working fine when i update an existing instance. But i am not able to start new ones. I am running automated scripts to build up my docker container whenever i want to. But it fails since 2FA is forced (if i understand it right) it fails at the point, where i want to change things like SiteURL or Admin user
https://rocket.chat/all-aboard-rocket-chat-3-6-is-here/
"If you’re changing an important setting on your Admin panel or resetting an E2E Key, our system will now ask you for a 2-Factor Authentication code to proceed with the changes."
This breaks the whole automatism thing... Correct me if i am wrong.
### Steps to reproduce:
1. Start RC in 3.6
2. try to create Admin user or reset settings like SiteURL
3. enjoy TOTP errors
### Expected behavior:
No 2FA forced - because i think a lot of people are using automated setups, you can't use 2FA that way ...
### Actual behavior:
RC does not start.
### Server Setup Information:
- Version of Rocket.Chat Server: 3.6.0
- Operating System: node:12.18-slim docker
- Deployment Method: docker
- Number of Running Instances: >10
- DB Replicaset Oplog:
- NodeJS Version: 12.18
- MongoDB Version: v3.6.13
### Relevant logs:
```
infos of customer-admin:
rocketchat_1 | {"user":{"_id":"XXXXXXXXX","createdAt":"2020-09-08T08:41:14.283Z","name":"Administrator","username":"admin","status":"offline","utcOffset":0,"active":true,"emails":[{"address":"example@mail.de","verified":false}],"type":"user","services":{},"roles":["admin"]},"success":true}
update customer-admin:
rocketchat_1 | {"success":false,"error":"TOTP Required [totp-required]","errorType":"totp-required","details":{"method":"password","codeGenerated":false,"availableMethods":[]}}
infos of general channel:
rocketchat_1 | {"channel":{"_id":"GENERAL","ts":"2020-09-08T08:41:13.861Z","t":"c","name":"general","usernames":[],"msgs":0,"usersCount":0,"default":true,"_updatedAt":"2020-09-08T08:41:13.861Z"},"success":true}
invite admin to general channel:
rocketchat_1 | {"channel":{"_id":"GENERAL","ts":"2020-09-08T08:41:13.861Z","t":"c","name":"general","usernames":[],"msgs":1,"usersCount":1,"default":true,"_updatedAt":"2020-09-08T08:41:20.709Z"},"success":true}
reset Site_Url:
rocketchat_1 | {"success":false,"error":"TOTP Required [totp-required]","errorType":"totp-required","details":{"method":"password","codeGenerated":false,"availableMethods":[]}}
rocketchat_1 | Customer admin could not be created - Aborting!
```
opened 09:01AM - 08 Sep 20 UTC
closed 12:27PM - 14 Oct 20 UTC
type: documentation
feat: rest
stat: triaged
### Additional:
If i login via 2FA password like this:
```
loginInfo=$(curl -H "Content-type:application/json" -H "x-2fa-code: passw0rd" -H "x-2fa-method:password" http://localhost:3100/api/v1/login \
-d '{"user": "admin", "password": "passw0rd"}')
userId=$(echo $loginInfo | jq -r ".data.userId")
authToken=$(echo $loginInfo | jq -r ".data.authToken")
```
Result:
`rocket.chat rest api login info: {"status":"success","data":(...)}`
the login is ok but this fails due to
"`{"success":false,"error":"TOTP Invalid [totp-invalid]","errorType":"totp-invalid","details":{"method":"password"}}`":
```
return_msg=$(curl -H "X-Auth-Token: $authToken" \
-H "X-User-Id: $userId" -H "x-2fa-code:passw0rd" -H "x-2fa-method:password"\
-H "Content-type:application/json" \
http://localhost:3100/api/v1/settings/Site_Url \
-d '{"value": "'$ROOT_URL'"}')
```
Description
Server Setup Information
Version of Rocket.Chat Server:
Operating System: Linux
Deployment Method: docker
Number of Running Instances:
DB Replicaset Oplog:
NodeJS Version:
MongoDB Version:
Proxy:
Firewalls involved:
Any additional Information
I had the SMTP settings correctly enabled before but in order to disable the welcome emails users get (despite the setting being switch off) I removed the SMTP settings but unfortunately now my admin account isn’t getting the 2fa codes s…
Thank you for the response. Sure, we did search through GitHub, unfortunately threads we found don’t seem to be relevant for the issue we’re facing. Upon experimenting with this further, it appears that the same issue occurs even if we don’t attempt modifying the password, changing data.roles results in the same error.
If anyone is using the users.update method with the latest Rocket.Chat version, we’d appreciate sharing an example of the method call that works for them. We utilize the method much like the one used to create a user, logged in as the administrator account, and can’t figure out where our mistake could be.
Thanks again.
Have attempted to do that directly via cURL according to the documentation page, modifying just the name, not a password - same error:
```
$ curl -H "X-Auth-Token: rEcvAe0uIk0ZRGveG1eIo4C8Zi88bxo3xkDrbLg-sAs" \
> -H "X-User-Id: kc3dBmjGnCBx6AG2g" \
> -H "Content-type:application/json" \
> https://chat.mydomain.com/api/v1/users.update \
> -d '{"userId": "FowAqkCqmagRdYKkm", "data": { "name": "new name"}}'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   223    0   161  100    62    181     69 --:--:-- --:--:-- --:--:--   181
{"success":false,"error":"TOTP Required [totp-required]","errorType":"totp-required","details":{"method":"password","codeGenerated":false,"availableMethods":[]}}
```
In theory, we could use users.updateOwnBasicInfo but having no luck there either, getting Error 401 no matter what we send in data.
reetp
September 17, 2021, 12:34pm
igor-afterlogic:
d [totp-required]","errorType":"totp-required","details":{"method":"password","codeGenerated":false,"avail
So you didn’t find this PR linked for the bugs above?
https://github.com/RocketChat/docs/pull/1799/files
Which I believe is part of this:
Oh wow, my mistake, somehow I didn’t think it applied to our case as we’re not using 2FA anywhere. But, sending X-2fa-code and X-2fa-method actually did help, everything worked like a charm. Thank you!
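For anyone landing here with the same error, the working users.update call in Python, as an added example that is not code from the thread or from Rocket.Chat itself. It assumes your own server URL, admin auth token, admin user id and target user id, and that for the `password` 2FA method the `X-2fa-code` header carries the SHA-256 hex digest of the calling admin's own password (an assumption here; check it against the docs PR linked above). That extra header is what ties a sensitive change to knowledge of the admin password, so a leaked auth token alone is not enough to reset other users' passwords.

```python
import hashlib
import json
import urllib.error
import urllib.request

# Assumption: Rocket.Chat's "password" 2FA method expects the SHA-256 hex
# digest of the caller's own password in X-2fa-code, not the cleartext.
def twofa_headers(auth_token, user_id, admin_password):
    """Auth headers plus the two 2FA headers users.update requires."""
    code = hashlib.sha256(admin_password.encode("utf-8")).hexdigest()
    return {
        "X-Auth-Token": auth_token,
        "X-User-Id": user_id,
        "X-2fa-code": code,
        "X-2fa-method": "password",
        "Content-Type": "application/json",
    }

def classify(resp_json):
    """Map a users.update JSON response to ('ok', None) or ('error', reason)."""
    body = json.loads(resp_json)
    if body.get("success"):
        return "ok", None
    err = body.get("errorType") or body.get("error")
    details = body.get("details") or {}
    if err == "totp-required":
        # The token alone was refused for a sensitive change; availableMethods
        # tells you which second factor the server would accept for this user.
        return "error", f"totp-required (methods: {details.get('availableMethods')})"
    return "error", err

def update_user(base_url, auth_token, user_id, admin_password, target_id, data):
    """POST /api/v1/users.update with the 2FA headers; returns classify()."""
    req = urllib.request.Request(
        f"{base_url}/api/v1/users.update",
        data=json.dumps({"userId": target_id, "data": data}).encode("utf-8"),
        headers=twofa_headers(auth_token, user_id, admin_password),
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        # Rocket.Chat returns its JSON error body with a non-2xx status.
        return classify(exc.read().decode("utf-8"))

# Constructed placeholder values; replace with your own before running.
# update_user("https://chat.example.com", "ADMIN_AUTH_TOKEN", "ADMIN_USER_ID",
#             "ADMIN_PASSWORD", "TARGET_USER_ID", {"name": "new name"})
```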
reetp
September 20, 2021, 8:25am
Fab!
If this is the solution please mark this solved.
I tried doing that, but my account probably doesn’t have sufficient permissions for editing forum thread properties… Sorry about the trouble.