Two Factor Authentication / OTP setup email QR code link 'Not Permitted'

chancegold · March 10, 2019, 9:11pm

I have activated (through admin) 2FA for a number of manager roles. Method is set to OTP App, QR expiry set to 900 seconds.

I have two users set up, one to function as a ‘subadmin’ and one to function as an employee manager account. Both correctly trigger the ‘Verify’ screen and setup emails, but the emails do not contain a QR code and the links open to ‘Not Permitted - Log in’.

Finding a mention of ntp issues in one of the existing 2FA posts, I reinstalled ntp on the server (digitalocean ubuntu-docker box running pipech’s production stack) and set up timezone to ensure that there shouldn’t be any issues on that front. I have scoured erpnext for doctypes/permissions related to OTP/2FA, but have found none. All existing posts I have found on here either don’t mention issues with the initial qr code, or state outright that that bit is working fine.

What am I missing?

side note- you da man, pipech. muchlove

chancegold · March 19, 2019, 10:01pm

Any one else encountering this?

I thought I may have figured it out with setting my site config for https v http, but nope.

I’m starting to think that it has something to do with being on Python 3 v Python 2. Is there a Py3 barcode library that needs to be manually installed/activated/something to replace huBarcode? Or is huBarcode even still used for qr generation?

I can’t find any reference whatsoever to this error, to Py3 barcode issues, or to 2-step/two factor authentication on here/google at large that’s more recent than ~2017/early 2018 (prior to the master introduction of barcode support).

johnskywalker · January 3, 2020, 1:40pm

Hi same issue, have you figured this out?

Vijay26 · March 29, 2020, 8:51am

Hello Team,

I am also getting same issue.
Can anyone help?