Forgot 2-factor backup codes

Hi there,

does anybody know how to reset a two factor login of a specific user - in case he has no access to his authenticator app and his backup codes?

Thanks,
Hagen

I haven’t seen a way to re-generate the auth codes. But you could disable 2 factor auth for all the users from the settings. Then do a password reset and re-enable 2 factor auth

Unfortunately this doesn’t work since after you disabled the 2 factor auth for all users, you are not longer able to access the 2fa section in the user settings. Without access to the 2fa section you can’t re-enable anything.

However, for anybody with the same problem, I found the solution:

In the “seahub-db” database you will find some tables starting with “two_factor_”. For me, all 2fa backup codes were in “two_factor_statictoken” as clear text (although they should better be hashed for security reasons).

@Seafile Team
I would recommend to introduce an option to disable the 2fa-auth for a specific user at the administration panel, since lost 2fa recovery codes aren’t uncommon for companies with a certain amount of employees.