I observed some potential errors with 2FA in Seafile Server Pro 8.0.3.
First, I had problems connecting with SeaDrive Client (2.0.13) from macOS. I had had the SeaDrive Client working for months over several server upgrades (7.x.x => 8.0.3) without problems or disconnects. Then, all of a sudden, it got disconnected, and when I tried to re-login, it kept asking for a 2FA code over and over again.
The logs showed:
… after entering user name and PW:
request failed for https://seafile..../api2/auth-token/: {"non_field_errors":["Two factor auth token is missing."]}
… and then after entering 2FA code in the prompt:
request failed for https://seafile..../api2/auth-token/: {"non_field_errors":["Two factor auth token is invalid."]}
… strangely enough. I tried re-installing SeaDrive and removing the user config folder ~/.seadrive, without success. I also tried one of the 10 static backup codes that are generated when 2FA is enabled, didn’t work either.
Then, I disabled 2FA for that user on the server. SeaDrive connected successfully. Ok, seemed like a bug of the SeaDrive client, I thought.
But when I re-enabled 2FA for that user, problems got worse. The 10 new static backup codes that were shown were all printed with a leading b' and trailing ', so Python bytes encoding, I assume.
I logged out from that user and tried to re-logging in the browser using one of the static codes, with and without the b'...', neither worked.
Luckily, the temporary numeric 2FA code worked, otherwise my user would’ve been locked-out.
So, it looks to me as if there is a serious bug in Seafile Pro 8.0.3 that leads to wrong static 2FA codes being generated / printed to the user. I the 2FA device is lost / not available / destroyed / whatever, the account is locked out.
