Problem with the Two-Factor Authentication setting

Hello,
On my personal Joomla site, in Matomo version 4.1.1 I wanted to change some settings.
I enabled “two-factor authentication” but was surprised not to see the setting. When I wanted to change the menu to see other Matomo settings, I got a window for setting this function: "You must configure two-factor authentication before you can identify yourself.
Please follow the next steps to configure two-factor authentication. "
But, only then did I realize that I need to download an app on my mobile phone, scan a QR code, and enter an activation code.
The problem is, on my mobile phone, I cannot download an app.
So I am stuck at this stage and cannot go back. No “Cancel” or “Back” button to disable Two-Factor Authentication. So I no longer have access to Matomo statistics.
Via FTP, I modified the “config.ini.php” file by removing line 146: PluginsInstalled [] = “TwoFactorAuth” but that doesn’t change anything!
The question: How to disable this setting without having access to Matomo?
Via FTP, in which file can I deactivate it?

Thanks for your help.
Michael

In the online help (FAQ) for Matomo, I found this:
https://matomo.org/?s=TwoFactorAuth&lang=en

FAQ: How do I log in to my account when I cannot verify my account using two-factor authentication because I don’t have access to my mobile device

log in, you can disable two-factor authentication through the command line $ ./console twofactorauth:disable-2fa-for-user –login=yourlogin or if you use Matomo on our Cloud, please get in touch with our support….

So, if you can’t connect, you have to… connect !!
If I log in, I get the message:
“You must configure two-factor authentication before you can identify yourself.
Please follow the next steps to configure two-factor authentication."

Do you know where to enter the specified command line?

Hi,

It seems like the regular 2FA-setup process isn’t saved until you confirm with the code from the app. But if the administrator enables “Require 2FA for every user” in the general setting, nobody (including the admin) can log in until they set up 2FA.

On the console (command-line) of your webserver. But this just removes 2FA for a user which doesn’t help in your case.

Instead you can revert the setting in the database using this query (you might have to adjust the table name)

update matomo_plugin_setting
set setting_value=0
where setting_name = 'twoFactorAuthRequired'

I’ll have created an issue, so that this feature can’t be enabled unless at least one superuser has already set up 2FA:

1 Like

Hi Lukas,

Thank you for your answers.
Indeed, the regular 2FA-setup process isn’t saved. Voluntarily I did not finish it.

My website is hosted on a shared server. So I don’t think I have access to his console.

I will try this query in MySQL data base, although I am not familiar with queries in my database at all :frowning:

Well done for the initiative of this issue. This will avoid being confronted with my problem.

Could you make a modification in the FAQ to specify that the command line must be entered in the console of the WEB server? I have seen several old posts on the internet and in this forum that ask this question but get no answer.

The table is called “piwik_site_setting”.
I entered this request in phpMyAdmin:

update piwik_site_setting
set setting_value = 0
where setting_name = ‘twoFactorAuthRequired’

She performed well.

I reconnected to my Matomo account.
Unfortunately I still see the message:
“You must configure two-factor authentication before you can identify yourself.
Please follow the next steps to configure two-factor authentication."

It is not normal that there is not the possibility of backtracking in this message!

Hi,
No other ideas to help me solve this problem?

Hi,

Check the option table to see if the twoFactorAuthRequired value has really been changed. Maybe also delete the cache by deleting all files in matomo/tmp/

Hi Lukas,

In the option table, there is not twoFactorAuthRequired.
The regular 2FA-setup process isn’t saved.

I emptied Matomo’s cache but it doesn’t change anything.

Hi,

I found the issue:

The table is called matomo_plugin_setting (or in your case piwik_plugin_setting) not piwik_site_setting which you used in your setting.

(General SQL tip: After running the query you should see how many rows were modified)

OK.
I will re-launch the request later.
I have an appointment now

In the piwik_plugin_setting table, I manually changed the value in the row twoFactorAuthRequired 1 -> 0

Now I have access to my Matomo account again. :slight_smile:
Great !
Too bad, for 2 days, during this problem, Matomo has not recorded anything at all! I have no statistics.

Thanks a lot for your help.

Have a good day
Michael

1 Like

After regaining access to my Matomo account, I saw the 2 errors below and also saw that Matomo has not logged logins or stats since Tuesday. It’s not recording anything at all, even now!

The first mistake:

WARNING: /Piwik/core/Cookie.php(155): Warning - gmdate() expects parameter 2 to be int, float given - Matomo 4.1.1 - Please report this message in the Matomo forums: https://forum.matomo.org (please do a search first as it might have been reported already) (Module: UsersManager, Action: setIgnoreCookie, In CLI mode: false)

Do I have to modify a parameter? If so, which one and where?

The second is a tracking error:

Problem: The request was not authenticated but an authentication request was presented.
Solution: Define or correct the “token_auth” in your follow-up requests
Date: Mar.16, 2021, 5:56 p.m.
Page URL: A URL of my site
Tracking URL: idsite=1&rec=1&apiv=1&r=696963&cip=157.55.39.73&_id=002bb1eb4b5cb747&token_auth=TOKEN_AUTH&_idts…

Why this tracking error?
Do I need to create a new authentication token?
If so, the old statistics will not be lost?

Can I still ask for your help?
Thank you in advance

Hi,

idsite=1&rec=1&apiv=1&r=696963&cip=157.55.39.73

the cip= parameter should never be in a tracking request unless you are using something else than the JS tracking (e.g. log analytics).
If you use log-analytics, check if it is running successfully.

Regarding the first error it is hard to say what causes this without the stack trace (so the function that called this code).

I had disabled IP masking because I wanted to retrieve a hacker’s IP address.
Why is this tracking error now appearing?
Is it this error that is now blocking the logging of Matomo connections and statistics?
How can I reactivate the functioning of Matomo?

For the first error, in the personal settings I wanted to delete the cookie because Matomo previously did not take this into account and still recorded my visits. I deleted this cookie and right after I clicked to drop it again. So this error appeared.

Hi,

Matomo is no longer recording anything.
How can I reactivate the functioning of Matomo?
Do I need to create a new authentication token?

I have a new error when I log into my Matomo account for the first time today on my site:
In red :
Error: Form security failed. Please reload the form and check that your cookies are enabled. If you are using a proxy, you must configure Matomo to accept headers from the proxy that relay headers from the host. Also check that the header of your referrer is transmitted correctly.

On the second connection = no more errors.

For information: I don’t use a proxy.

Thanks for your help

Have a good day

Hi,

How can I restart Matomo’s recordings?

Damm even I am having a similar kind of issue, I have searched all over the internet and even have posted on number of threads on different forum, no solution seems to work. I am really frustrated, can anyone of you here help me resolve this issue, I am very much tired now.

Hi,

What similar problem do you have?
I have several error messages that I do not know how to resolve and Matomo no longer records anything at all.

Hi,

See new topic : Tracking error and Matomo blocked

This post was flagged by the community and is temporarily hidden.