TOTP cannot be re-enabled

Community Support

RaNd March 15, 2023, 1:21pm 1

Description

Old installation, updated to 5.0.2
Login via LDAP
OTP has been enabled for all users/groups, but new users have to manually activate TOTP.
(email2fa works fine when it’s enabled, but we need only TOTP)

The query below list enabled TOTP users, but TOTP is not enforced, but available,
db.users.find({"services.totp": {$exists: true}}, {"username": 1, "_id": 0})

Enabled TOTP users have the record

 "totp" : { "enabled" : false ,
 "hashedBackup" : [ "XXXXXXYYYYYZZZZ",}

and

 "email2fa" : { "enabled" : true ,

Server Setup Information

Version of Rocket.Chat Server: 5.0.2
Operating System: RHEL8
Deployment Method: tar
Number of Running Instances: 2x2
DB Replicaset Oplog: yes
NodeJS Version: v14.19.3
MongoDB Version: v4.4.19
Proxy: nginx and F5
Firewalls involved: no

Topic		Replies	Views	Activity
Force users to use 2FA through TOTP Community Support	2	596	December 28, 2021
Error message - TOTP required Community Support	1	1147	April 13, 2022
2FA Blocked account - Unlock user account as admin Community Support	2	1320	January 15, 2021
Not receiving emails anymore so cannot change settings as admin as TOTP is required Community Support	2	1475	September 9, 2021
Reset 2FA settings for user Community Support	5	6488	January 15, 2021