2FA active but does not check second factor for successful logins #14932

Open
opened 2025-11-02 11:26:08 -06:00 by GiteaMirror · 1 comment
Owner

Originally created by @ypsilonkah on GitHub (Sep 6, 2025).

Description

I had activated 2FA for my only user for some time now; initially, logging in required a second factor (as it should). However, since several versions, no second factor is asked and login is successfully done with user and password.

In the administrative settings, my user is flagged as 2FA active, in the user settings, 2FA is flagged as activated. I can deactivate and reactivate (and link my 2FA app again) but to no avail. Login does not require and does not ask for a second factor.

Adding a new user and activating 2FA works like it should: Logins require a second factor. I am quite unsure were to look for an error.

Gitea Version

1.24.5 (and prior)

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

https://gist.github.com/ypsilonkah/73dceeb75d30464130efe17da9d47e5f

Screenshots

No response

Git Version

https://gist.github.com/ypsilonkah/73dceeb75d30464130efe17da9d47e5f

Operating System

docker / ubuntu

How are you running Gitea?

Gitea is run via docker compose (image: gitea/gitea:latest); mysql as database container.

Database

MySQL/MariaDB

Originally created by @ypsilonkah on GitHub (Sep 6, 2025). ### Description I had activated 2FA for my only user for some time now; initially, logging in required a second factor (as it should). However, since several versions, no second factor is asked and login is successfully done with user and password. In the administrative settings, my user is flagged as 2FA active, in the user settings, 2FA is flagged as activated. I can deactivate and reactivate (and link my 2FA app again) but to no avail. Login does not require and does not ask for a second factor. Adding a new user and activating 2FA works like it should: Logins require a second factor. I am quite unsure were to look for an error. ### Gitea Version 1.24.5 (and prior) ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist https://gist.github.com/ypsilonkah/73dceeb75d30464130efe17da9d47e5f ### Screenshots _No response_ ### Git Version https://gist.github.com/ypsilonkah/73dceeb75d30464130efe17da9d47e5f ### Operating System docker / ubuntu ### How are you running Gitea? Gitea is run via docker compose (image: gitea/gitea:latest); mysql as database container. ### Database MySQL/MariaDB
GiteaMirror added the topic/authenticationtype/bug labels 2025-11-02 11:26:08 -06:00
Author
Owner

@ypsilonkah commented on GitHub (Oct 30, 2025):

I found the issue, I think. I have set up authentification via AUTHENTIK and had "Skip local 2FA" checked. When unchecking, standard logins require 2FA keys again. However, login via authentik/sso also requires the second 2FA from Gitea.

Login -> Authentik -> Authentik credentials + Authentik 2FA -> Gitea 2FA -> successful login

I think this behavior is faulty.

edit: Currently, I am in version 1.25.0

@ypsilonkah commented on GitHub (Oct 30, 2025): I found the issue, I think. I have set up authentification via AUTHENTIK and had "Skip local 2FA" checked. When unchecking, standard logins require 2FA keys again. However, login via authentik/sso also requires the second 2FA from Gitea. `Login -> Authentik -> Authentik credentials + Authentik 2FA -> Gitea 2FA -> successful login` I think this behavior is faulty. edit: Currently, I am in version 1.25.0
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#14932