Two Factor Authentication via email broken


So I have been trying to set up SMTP via my own mail server (see other thread) and in the course of this I have “locked myself out” of being able to authenticate via code received by email. (Rocket.Chat is trying to send the code to an email that can’t be reached. But in order to change that email address back to one that can be reached, I need to enter a code that is being sent to the email address that can’t be reached…)

I included the following two lines in my docker-compose file to deactivate Two Factor Authentication:

  • OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enforce_Password_Fallback=false
  • OVERWRITE_SETTING_Accounts_TwoFactorAuthentication_Enabled=false

After docker-compose upping, in the admin console the Two Factor Authentication toggle is shown as not enabled, but when I try to change a setting (particularly my email address), the system still tries to send out a code for Two Factor Authentication via email - which of course does not actually get sent out.

So how do I actually and effectively disable Two Factor Authentication without the need to Two Factor Authenticate that change?


Server Setup Information

  • Version of Rocket.Chat Server: 4.4.2
  • Operating System: Debian 11
  • Deployment Method: docker-compose
  • Number of Running Instances: 1
  • DB Replicaset Oplog: enabled
  • NodeJS Version: 14.18.2
  • MongoDB Version: 4.4.12
  • Proxy: haproxy
  • Firewalls involved: pfSense

Any additional Information

Can’t think of anything of relevance.

This is interesting … I’ll have to check. Thanks for letting us know.

cc @duda.nogueira in case this slips me, iirc these are the only settings that control 2fa. Either I’m forgetting something, or setting handling recently changed (not to my knowledge).

Tried again. Still sends out the email code although the Two Factor toggle is set to disabled.

If it is not possible to effectively overwrite the setting, would it be possible to overwrite the unreachable email address somewhere?


I could not reproduce this on 4.5.0, tweaking those settings you mentioned.

Are you able to consistently reproduce this?

I was also investigating another 2FA email issue.

Updated to 4.5.0 and issue is gone.

Thanks for the suggestion.
