How can I completly remove any reference to 2FA on the user settings page?

Andy_Wismer · March 25, 2024, 9:45am

NethServer Version: 7.9.2009
Module: User-Settings

Hi

How can I completly remove any reference to 2FA on the user settiungs page?
It is displayed even if 2FA is shut of.

I would like to remove that reference from the web page itself, where can I find that page?

I mean the displayed by this here:

Thanks

My 2 cents
Andy

stephdl · March 25, 2024, 11:38am

it comes from an API, need to check

stephdl · March 25, 2024, 11:40am

github.com

NethServer/nethserver-cockpit/blob/7c141b21ef38425b85e2f772277a19d94fdbcb31/api/system-settings/read#L36


      
          
          use strict;
          use NethServer::ApiTools qw(readInput error);
          
          use JSON;
          use esmith::ConfigDB;
          use esmith::HostsDB;
          use esmith::NetworksDB;
          my %ret;
          
          sub getUserSettingsPageHosts
          {
              # init databases
              my $hdb = esmith::HostsDB->open_ro();
              my $ndb = esmith::NetworksDB->open_ro();
              my $cdb = esmith::ConfigDB->open_ro();
              my $SystemName = $cdb->get_value('SystemName');
              my $DomainName = $cdb->get_value('DomainName');
          
              # define arrays
              my @aliases = ($SystemName . "." . $DomainName);

Andy_Wismer · March 25, 2024, 1:32pm

Salut Stephane

The URL of the user settings is showed with the URL below (redacted with domain.tld).

https://intranet.domain.tld/cockpit/@localhost/nethserver/index.html#/settings

The page as such shows this:

How could I remove the reference to 2FA (Not being used / usable in this environment, closed from Internet). 2FA is not activated in NS7, and as said, would probably not even work.

This made me quite unsure…

Could I just remove that segment of code - but would that be update safe?

Thanks for assistance here!

My 2 cents
Andy

stephdl · March 25, 2024, 2:56pm

it is in javascript code, you cannot as is remove it, I thought that you would remove the list of url available

If you want to make it broken then you could remove the update API, but the next cockpit update will make it available again. Saying that we do not know if we will push another update

Andy_Wismer · March 25, 2024, 5:06pm

How or where could I remove this?
From the snipplet above in the container?
Would removing the API remove the button?

Or could I remove the list of URLs and it would not appear with 2FA on the password change page?
(I think not, as the button would still be there).

I’m still not aware, where is actually Cockpit in NS7 - or better, where is the blob of Container stored in NS7?

I hope not, or by then be irrelevant (As upgraded to NS8).

Many thanks.

My 2 cents
Andy

stephdl · March 25, 2024, 6:24pm

You are on ns7 there is no container

stephdl · March 25, 2024, 6:24pm

No the button will still be there

Andy_Wismer · March 25, 2024, 6:44pm

Any way to remove the button?

The more one says “Don’t press the button!”, there will always be someone who does press the button…

Any way to remove a non working 2FA once set (by mistake)?

My 2 cents
Andy

dnutan · March 25, 2024, 7:51pm

Check the 2FA section from the documentation: Base system — NethServer 7 Final

In case of emergency, 2FA can be disabled accessing the server from a physical console like a keyboard and a monitor, a serial cable or a VNC-like connection for virtual machines:

access the system with user name and password

execute:
rm -f ~/.2fa.secret
sudo /sbin/e-smith/signal-event -j otp-save

Eventually, the root user can retrieve recovery codes for a user. Use the following command and replace with the actual user name :

oathtool -w 4 $(cat ~<user>/.2fa.secret)

Andy_Wismer · March 25, 2024, 8:14pm

@dnutan

I will test this.

My 2 cents
Andy

stephdl · March 25, 2024, 8:43pm

You have to validate the 2fa with an authentificator…it is not a simple I press a toggle…but 2 or 3 manual steps IIRC