Rocket.chat: [BUG] 2FA Challenge is not provided with LDAP authentication

Created on 26 Jul 2018  ·  34 Comments  ·  Source: RocketChat/Rocket.Chat

Description:


When enabling 2FA with LDAP the Challenge isn't being provided and 2FA is just passed.

Steps to reproduce:

  1. Enable 2FA
  2. Log in

Expected behavior:


RocketChat asks for the 2FA token.

Actual behavior:


RocketChat isn't asking for the 2FA token.

Server Setup Information:

  • Version of Rocket.Chat Server: 0.66.3
  • Operating System: Ubuntu 16.04
  • Deployment Method: snap
  • Number of Running Instances: 1
  • DB Replicaset Oplog: enabled
  • NodeJS Version: As shipped
  • MongoDB Version: As shipped

Additional context


No additional context

Relevant logs:



No relevant logs

api Auth - LDAP bug

All 34 comments

  • [x] REST API (#11731)
  • [x] Web interface (#11726)

Yes this is also happening to our instance, I noticed my 2FA hasn't worked for a while and I chalked it up to cached logins but that is definitely not the case. Thanks

Still waiting for this to be implemented.

Any progress on this by chance? Thanks

This was reported in July and is still an issue. Any progress?

We have the same problem! We really need this option for production.
Great product b.t.w. Thanks!

Any news here?

Yeah, I feel like this really needs some attention.

Thanks

On Wed, Jan 30, 2019 at 9:01 AM Marcin Korzycki notifications@github.com
wrote:

Any news here?



Any updates on it? The feature is critical for companies I think.

Is it possible to sponsor this one? If so, how?

0.7.4.3 version, RC & LDAP. Still the same bug... or maybe we do not correctly understand that functionality? 2FA login, or 2FA works by itself..? Because 2FA works by itself well, it asks for a code from the Goo-2fa app... but what's the point of them? %)

Is it possible to sponsor this one? If so, how?

In the release thread - https://github.com/RocketChat/Rocket.Chat - at the bottom of the page there is a yellow donate button. Press it and you are taken to the PayPal donation service.

@MarcosSpessatto can you take a look in this one?

@theorenck please see: https://github.com/RocketChat/Rocket.Chat/pull/11731#issuecomment-454132142.
We must have this PR Merged.

1.0.0 released - still no 2fa ldap fixed...

Really hope this will be fixed in 1.1.0

Docker image v 1.1.1, still not working.

Running version 1.3.2, this is still an issue. Even though 2-FA is enabled in my account, I'm not being presented with the challenge during login.

This essentially renders this feature broken, and makes Rocket.Chat as a whole less secure. Authentication that is behaving unexpectedly is really bad.

Since this used to work fine a lot of versions ago, this should be considered a regression. People that have previously enabled this security feature might not notice that it is no longer working.

It's in the 2.0.0 milestone now. Hope it arrives there since that one contains a lot of LDAP features we have also waited for.

Oh...moved to 2.2.0. This is disappointing... :/

Still not implemented? pfff

2.20 is here, but no changes, still not fixed. It looks like they are just moving this bug to every new milestone without a plan to work on it. If you guys have no plans to touch it, why do you add it to every new milestone?

2.20 is here, but no changes, still not fixed. It looks like they are just moving this bug to every new milestone without a plan to work on it. If you guys have no plans to touch it, why do you add it to every new milestone?

Because the bug still exists, but for whatever good reason it has not been fixed yet. A milestone is just a target. This is Open Source - there are no guarantees. Developers may have different priorities with their existing paying customers. It may be important to you, but not to the developers.

There are a number of other things that also have to be fixed first to enable this (follow the PR links above)

You have a number of available options:

  • You can fix it yourself and contribute the PR.
  • You could employ a developer to fix it for you and contribute the PR.
  • You can pay for support and ask for it to be fixed.
  • You can Donate https://github.com/RocketChat/Rocket.Chat#donate
  • You have to wait quietly and patiently and hope that the developers decide to fix it.

And you quick you make confirm PR?


Because the bug still exists, but for whatever good reason it has not been fixed yet. A milestone is just a target. This is Open Source - there are no guarantees. Developers may have different priorities with their existing paying customers. It may be important to you, but not to the developers.

I think people understand that there might be other priorities. But if 2FA is broken, it should be shipped with the feature disabled.

Interestingly, I need to provide a code for authentication via REST API. Neither the web front end nor the Linux client are asking for the 2FA, but REST will...

2.3.2 version...but still not working in electron and web client

Any news about this issue?

Maybe someone was able to solve this problem indirectly
And are there any workarounds to get this working now?

Anyone aware of an update or work-around for this?

Guys, we need to have this PR merged before.

Just a quick note, the PR mentioned by @MarcosSpessatto is scheduled to this month release.

@rodrigok Hey, do you know if there is another ETA for the PR mentioned by @MarcosSpessatto?

Any update on this? It's still not working in version 3.7.0.
That's a critical bug in a company environment.
