New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to log into Admin after clean install (without SMTP) #29312
Comments
Hi @DigitalStartupUK. Thank you for your report.
Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:
For more details, please, review the Magento Contributor Assistant documentation. Please, add a comment to assign the issue:
🕙 You can find the schedule on the Magento Community Calendar page. 📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket. 🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel ✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel |
It's not directly related as this issue talks that smtp should be a documented requirement but current workaround for dev environments (that don't need to have smtp set up) is simply to disable 2fa
|
But at some point, 2FA needs to be enabled during Development/Production. And there is probably an argument that states "well, surely in a Development/Production environment you would have an SMTP enabled server." But speaking from experience, myself and many others use 3rd party SMTP providers - Which are normally configured in the Admin Backend. It just seems like a really overlooked part of the installation/setup process. What's the point of enforcing 2FA on installation to only immediately disable it? I'd simply prefer a simple CLI
I'm trying not to sound negative and whiny, but this lack of clarity is frustrating. |
Hi, i'am exactly on the same point ... same error, same step ... i will try another solution |
Hi, |
What a nightmare. Same issue here. This is the first time I encountered a 2fa setup situation that requires email. Usually you log into admin, enable 2fa and then set up the token logged into admin. |
In case anyone needs a temporary workaround to get this working without having SMTP set up:
|
A great Magento MX developer has created a module to disable double authentication. by @Rus0 |
Temporary solution to kick start your development, just disable Magento_TwoFactorAuth module. It worked for me.
|
Great security feature added for that administration login section of Magento however I have also ran into another weird issue that personally has stopped me from being able to set up 2FA on a fresh install. My issue is that magento does not use the domain name set for the outgoing email when sending the email out to set up 2FA on a fresh install instead it sends the email from I have now disabled the Magento_TwoFactorAuth module as described above and have managed to login to the admin interface but I am now in the process of figuring out how to reenable/set up 2FA. |
Did you get it to work? |
I see the same problem. I cannot get 2FA to work, since the mail is sent from owner@example.com |
Speechless @magento-admin ... |
Same issue with me while following Installation quick reference (tutorial) from Magento for now I have disabled module (until I setup SMTP), as suggested by @speedupmate |
Dropping this here for anyone having trouble configuring their mail in order to activate the 2FA.
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 14 days if no further activity occurs. Is this issue still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? Thank you for your contributions! |
Other workaround (https://devdocs.magento.com/guides/v2.4/security/two-factor-authentication.html): Base32: https://emn178.github.io/online-tools/base32_encode.html |
What mean ? <Base32-encoded_string_for_the_shared_secret_value> |
@hgati no, the admin username ( |
Preconditions (*)
Steps to reproduce (*)
Expected result (*)
Actual result (*)
Please provide Severity assessment for the Issue as Reporter. This information will help during Confirmation and Issue triage processes.
If an SMTP enabled server is required to send a 2FA link to allow for an Admin to complete a first time login, then I feel this should be added as a prerequisite
However, if there is a way to get to the 2FA QR page without the need to receive an email then this should be documented more clearly.
I am aware of the Two-Factor Authentication (MFTF) documentation. Stating that you could bypass this by creating a "Base32-encoded string for the shared secret value" and then "Use the following key to add the encoded value to the MFTF .credentials file."
However, the documentation doesn't provide enough details on the requirements to do this. It also insinuates that this procedure is preferable for a Testing environment and not Development/Production.
If it turns out that these MFTF steps are considered "safe" to complete in a Development/Product environment then it would definately improve QoL if these variables could be set through the
bin/magento setup:install
values as stated in the Install the Magento software Documentation.The text was updated successfully, but these errors were encountered: