Open
Labels: 0. Needs triage, 33-feedback, bug, high
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
When creating a new user with 2FA enforced, the user has to "prove" that he saved the token to a password manager or 2FA app by providing a 6-digit code.
After that is done correctly, the user may sign in.
Unfortunately, even though the 6-digit code is still valid (because the 30 seconds have not passed yet), the user will get an error when trying to log in and has to wait until a new code is generated.
Steps to reproduce
- Have 2FA enforced
- Create a new user called testuser2
- Try to log in with that user
- Create a 2FA code in a password app
- You now can't log in with the six-digit code. It does not work, neither with Apple Passwords nor with Bitwarden. You have to wait until the currently valid six-digit code expires and you get a new one
- With the new one, you can log in
Expected behavior
Log in with the first, valid six-digit code, not with the second one.
Nextcloud Server version
33
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.5
Web server
Apache (supported)
Database engine version
PostgreSQL
Is this bug present after an update or on a fresh install?
Fresh Nextcloud Server install
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
{
"system": {
"one-click-instance": true,
"one-click-instance.user-limit": 100,
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"check_data_directory_permissions": false,
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"overwritehost": "nextcloud.salzmann.solutions",
"overwriteprotocol": "https",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"nextcloud.salzmann.solutions"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "33.0.0.16",
"overwrite.cli.url": "https:\/\/nextcloud.salzmann.solutions\/",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"updatechecker": true,
"updatedirectory": "\/nc-updater",
"loglevel": 2,
"app_install_overwrite": [
"nextcloud-aio"
],
"log_type": "file",
"logfile": "\/var\/www\/html\/data\/nextcloud.log",
"log_rotate_size": 10485760,
"log.condition": {
"apps": [
"admin_audit"
]
},
"preview_max_x": 2048,
"preview_max_y": 2048,
"jpeg_quality": 60,
"enabledPreviewProviders": {
"1": "OC\\Preview\\Image",
"2": "OC\\Preview\\MarkDown",
"3": "OC\\Preview\\MP3",
"4": "OC\\Preview\\TXT",
"5": "OC\\Preview\\OpenDocument",
"6": "OC\\Preview\\Movie",
"7": "OC\\Preview\\Krita",
"0": "OC\\Preview\\Imaginary",
"23": "OC\\Preview\\ImaginaryPDF"
},
"enable_previews": true,
"upgrade.disable-web": true,
"mail_smtpmode": "smtp",
"trashbin_retention_obligation": "auto, 30",
"versions_retention_obligation": "auto, 30",
"activity_expire_days": 30,
"simpleSignUpLink.shown": false,
"share_folder": "\/Shared",
"one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
"upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
"maintenance_window_start": 100,
"allow_local_remote_servers": true,
"davstorage.request_timeout": 7200,
"documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
"htaccess.RewriteBase": "\/",
"dbpersistent": false,
"auth.bruteforce.protection.enabled": true,
"ratelimit.protection.enabled": true,
"files_external_allow_create_new_local": false,
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
"preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
"default_phone_region": "CH",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauth": true,
"mail_smtpport": "465",
"mail_sendmailmode": "smtp",
"mail_smtpstreamoptions": {
"ssl": {
"allow_self_signed": false,
"verify_peer": true,
"verify_peer_name": true
}
},
"twofactor_enforced": "true",
"twofactor_enforced_groups": [],
"twofactor_enforced_excluded_groups": [],
"mail_smtpsecure": "ssl",
"skeletondirectory": "",
"templatedirectory": "",
"serverid": "2",
"default_language": "de_CH",
"default_locale": "de_CH",
"DOMAIN": "nextcloud.salzmann.solutions",
"AIO_VERSION": "v12.8.0"
}
}
List of activated Apps
Enabled:
- bruteforcesettings: 6.0.0-dev.0
- calendar: 6.2.1
- circles: 33.0.0
- cloud_federation_api: 1.17.0
- dav: 1.36.0
- federatedfilesharing: 1.23.0
- files: 2.5.0
- files_pdfviewer: 6.0.0-dev.0
- files_reminders: 1.6.0
- files_sharing: 1.25.2
- files_trashbin: 1.23.0
- files_versions: 1.26.0
- logreader: 6.0.0
- lookup_server_connector: 1.21.0
- nextcloud-aio: 0.8.0
- nextcloud_announcements: 5.0.0
- notifications: 6.0.0
- notify_push: 1.3.1
- oauth2: 1.21.0
- password_policy: 5.0.0-dev.0
- privacy: 5.0.0-dev.0
- profile: 1.2.0
- provisioning_api: 1.23.0
- richdocuments: 10.1.0
- serverinfo: 5.0.0-dev.0
- settings: 1.16.0
- support: 5.0.0
- survey_client: 5.0.0-dev.0
- text: 7.0.0-dev.3
- theming: 2.8.0
- twofactor_backupcodes: 1.22.0
- twofactor_totp: 15.0.0-dev.0
- updatenotification: 1.23.0
- viewer: 6.0.0-dev.0
- webhook_listeners: 1.5.0
- workflowengine: 2.15.0
Disabled:
- activity: 6.0.0-dev.0 (installed 6.0.0-dev.0)
- admin_audit: 1.23.0 (installed 1.23.0)
- app_api: 33.0.0 (installed 33.0.0)
- comments: 1.23.0 (installed 1.23.0)
- contactsinteraction: 1.14.1 (installed 1.14.1)
- dashboard: 7.13.0 (installed 7.13.0)
- encryption: 2.21.0
- federation: 1.23.0 (installed 1.23.0)
- files_downloadlimit: 5.1.0-dev.0 (installed 5.1.0-dev.0)
- files_external: 1.25.1
- firstrunwizard: 6.0.0-dev.0 (installed 6.0.0-dev.0)
- photos: 6.0.0-dev.0 (installed 6.0.0-dev.0)
- recommendations: 6.0.0-dev.0 (installed 6.0.0-dev.0)
- related_resources: 4.0.0-dev.0 (installed 4.0.0-dev.0)
- sharebymail: 1.23.0 (installed 1.23.0)
- suspicious_login: 11.0.0-dev.0
- systemtags: 1.23.0 (installed 1.23.0)
- twofactor_nextcloud_notification: 7.0.0
- user_ldap: 1.24.0
- user_status: 1.13.0 (installed 1.13.0)
- weather_status: 1.13.0 (installed 1.13.0)
Nextcloud Signing status
No errors have been found.
Nextcloud Logs
nothing recent
Additional info
You might think this is a small issue. But if we ask non-technical users to use 2FA, that is enough to ask without these rough edges. This should work the first time.