Enable check

[rullzer]

As mentioned by @tobiasKaminsky

Maybe it would make sense to force a notification acceptance from a device other than a browser. So either mobile device (IOS/Android) or the desktop client. At least not the same browser as we are working from.

That way we verify people at least at that point have access to a second device.

[nickvergessen]

You should not be able to receive notifications in the same browser while trying to log in?

[rullzer]

@nickvergessen you do not. It when you enable. That you have to proof you have access to another session.

[tobiasKaminsky]

@nickvergessen this is to prevent following situation:

• create new user
• log in into web browser (only one and only session)
• turn on 2f notification
• log out
  --> now you can never ever login again

[rullzer]

This could be done by a special notifiation and then parsing to show it or not depending on the user agent.

[TheHendla]

I have activated 2FA on my Admin account and logged out for testing without a second active session. How i can got access back? At least i thought, there is a check for 2 active session?!

[nickvergessen]

./occ twofactorauth:disable <your userid>

[ghost]

I cut the branch under my butt too.
I still have a ftp access, but I am a beginner and don't know where to insert this line.
Do you have a helpful tip?

Greeting

[IanNicki]

This issue might be set as done. It is already working on the iOS / iPadOS Nextcloud application.
Can anybody confirm that it is also working on Android?

[nickvergessen]

There is no such check yet before setting up the provider.