[Koha-bugs] [Bug 31247] New: Staff interface 2FA blocks logging into the OPAC

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Jul 27 16:30:52 CEST 2022 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31247

            Bug ID: 31247
           Summary: Staff interface 2FA blocks logging into the OPAC
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: caroline.cyr-la-rose at inlibro.com
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

I noticed when I turned on the 2FA for my staff account, I'm no longer able to
log into the OPAC with that same account. I usually use the same account for
both, so I find this a major drawback in using 2FA.

To test:
1) With 2FA turned off, log into the staff interface with your staff account
--> login is normal
2) With 2FA turned off, log into the OPAC with the same account
--> login is normal
3) Turn on 2FA
3.1) In System preferences, enable TwoFactorAuthentication
3.2) Go to 'My account' (click your username in the top right and choose 'My
account)
3.3) Click More > Manage two-factor authentication
3.4) Click Enable two-factor authentication
3.5) With an authenticator app (I used FreeOTP) scan the QR code
3.6) Enter the PIN provided by the app in the PIN code field
3.7) Click Register with two-factor app
4) Log out of the staff interface
5) Log into the staff interface
--> Username, password and two-factor code is needed
6) Log out of the OPAC
7) Log into the OPAC (I used the login box on the right)
--> It cycles back to the login page, you can never log in
8) In the staff interface, disable 2FA
8.1) In 'My account', click More > Manage two-factor authentication
8.2) Click Disable two-factor authentication
9) Log into the OPAC
--> login is normal

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.

More information about the Koha-bugs mailing list