1

As the question title says I was locked out of my admin page after upgrading to 2.4.0 due to the enforced 2FA. Now I see this page

enter image description here

The email that is sent though is not going to my user's email address but instead it goes out to [email protected]. So I'm unable to follow the instructions. Clicking on change your password just makes me return to the same page and sends another email to [email protected]

How do I recover from this situation?

--Additional info for troubleshooting --

After a lot of looking around in the logs, I experimented with adding a different address in [email protected] . This had an interesting aspect because it made me receive a bounce message. It seems that magento 2 is trying to send the email as [email protected] to the user email, however because SPF validation fails the message is silently discarded. The resulting email I saw towards [email protected] was the bounce message of the original email.

I then experimented with adding an account I own the top level domain for, and edited the SPF record to allow sending the email. I received the email normally and unlocked my account.

However I'm still curious why it's picking up [email protected] as the sender of the email and not the general contact email address.

Improve this question
1

3 Answers 3

Reset to default
1

Temporary you can disable this using this command :

php bin/magento module:disable Magento_TwoFactorAuth php bin/magento cache:flush

Then you can make the login, and if you want to enable it again then also do it from the command.

Improve this answer
3
  • When disabling the module I get this error Base table or view not found: 1146 Table 'tfa_user_config' doesn't exist, query was: SELECT tfa_user_config.* FROM tfa_user_config Commented Aug 1, 2020 at 12:56
  • have you tun run command from the CLI from magento root? Commented Aug 1, 2020 at 12:57
  • Yes, in the meantime I've added some info on the question on what I found regarding email sending. Commented Aug 1, 2020 at 13:01
1

It seems the message that was appearing to be sent to [email protected] was a bounce message.

The original message was being sent correctly to the registered user. However because the config option

trans_email/ident_general/email

was not set in the system. It used the default system value of [email protected]

This was causing the original TFA verification email to be sent from [email protected] to [email protected] then bouncing back to [email protected] due to SPF verification error.

Setting the config option on core_config_data table directly in the database didn't seem to have an effect. However by setting it on /vendor/magento/module-email/etc/config.xml I was able to make the SPF validation work and receive the email.

Afterwards it was easy to set up TFA.

I'm logging this answer here for future reference.

Improve this answer
0

  • create a new user with bin/magento admin:user:create

  • login with new user

  • manage the blocked user with admin controll

Cheers

Improve this answer
6
  • Same thing, the email is sent to [email protected] for some reason Commented Jul 31, 2020 at 12:31
  • 1
    Ok go in database and look for core_config_data table. Query -> select * from core_config_data where path like '%factor%' With this query you will see all configuration standard for the module 2factor auth. Try to change the default email Commented Jul 31, 2020 at 12:40
  • only these two paths are there - msp_securitysuite_twofactorauth/duo/application_key and - twofactorauth/duo/application_key Commented Jul 31, 2020 at 12:48
  • The module takes the email from user settings: 'user[email]' => $user->getEmail() Check please if the email of the user is correct Commented Jul 31, 2020 at 13:01
  • Also the [email protected] mail is only used here /vendor/magento/module-email/etc/config.xml:42 for transactional email Commented Jul 31, 2020 at 13:04

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.