Error While Trying to Enable Two Factor Authentication (2FA)

I was doing research to see if Mayan supported 2FA. Was going to post a question on the forums but first I thought I would do quick look in the docs. Nothing out right in the documents showed that it did and some googlefu linked back to the old forums. I did do a search on documentation website and did find it in the release notes for v4.2

The notes say to:

To enable TOTP authentication, set `AUTHENTICATION_BACKEND` to:
`mayan.apps.authentication_otp.authentication_backends.AuthenticationBackendModelUsernamePasswordTOTP`

for username and TOTP login. For email and TOTP logins use
`mayan.apps.authentication_otp.authentication_backends.AuthenticationBackendModelEmailPasswordTOTP`

I did this and restarted and now I do see the options to enable now.
image

But when I try and enable I get the Server Error screen. I tried to find a log file and found out the log file option was not enabled by default. Once I enabled the log file I did get the following error. While

tail -f /var/log/mayan/error.log 
2023-02-11 23:07:09,664 mayan.apps.logging.middleware.error_logging 
<1605311> [ERROR] "process_exception() line 15 Exception caught by request middleware;
<WSGIRequest: GET '/authentication_otp/otp/verify/
signed_secret=IlhKNlRZWlQ0TTdUQkNVUzZNVVVYU0lBNFdFQUdEUUJFIg%3A1pQyxZ%3Alr9n7KuM5FIxHnUHNrj5vr93UxLB82nZihJGtZb0f1Q'>, 
save() missing 1 required positional argument: 'stream'"

Full error message here on GitHub/Gist

Am I missing a step or is there an actual bug/error.

It was an actual error. The interface of the QRCode or the Pillow libraries changed after the upgrade and there was not test to detect this. This has been fixed, the QRCode widget simplified and a test added for avoid future regressions.

This will be included in bugfix version 4.4.4 in a few days.

Thanks for the report.

Awesome! Glad I could help!

1 Like

Version 4.4.4 is out and includes fixes for this. Please test it out when possible and let me know if it works for you.

Thanks for reporting this!

I updated my test environment from 4.4.2 to 4.4.4. The OTP code comes up and I am able to register and enable OTP for the account.

However I did find when enabling the OTP, and your are presented with the QR code, clicking Cancel button does NOT send you back but refreshes the same page, as the QR code changes

Edit: I went ahead and updated my production server as well and got the same results