Hi Christos, I found the issue. I was using the default config, but it is reproducible with MFA_SUPPORTED_METHODS = ["authenticator"]. As a workaround, you can remove MFA_SUPPORTED_METHODS from your config_system. It will show up the email option in 2FA setup but 2FA will work fine. Do you mind reporting the issue here for tracking - https://github.com/pgadmin-org/pgadmin4/issues?
On Thu, Jul 27, 2023 at 4:27 PM Christos Roussidis < [email protected]> wrote: > This is the log dump I am getting. I have setup the 2FA already with an > authenticator and when I log in using my credentials I get the below error. > > 2023-07-27 12:53:14,574: ERROR pgadmin: 'mfa.send_email_code' > Traceback (most recent call last): > File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/app.py", line > 1823, in full_dispatch_request > rv = self.dispatch_request() > File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/app.py", line > 1799, in dispatch_request > return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) > File > "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask_login/utils.py", > line 290, in decorated_view > return current_app.ensure_sync(func)(*args, **kwargs) > File "/usr/pgadmin4/web/pgadmin/authenticate/mfa/views.py", line 137, in > validate_view > return Response(render_template( > File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/templating.py", > line 147, in render_template > return _render(app, template, context) > File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/templating.py", > line 130, in _render > rv = template.render(context) > File > "/usr/pgadmin4/venv/lib/python3.10/site-packages/jinja2/environment.py", > line 1301, in render > self.environment.handle_exception() > File > "/usr/pgadmin4/venv/lib/python3.10/site-packages/jinja2/environment.py", > line 936, in handle_exception > raise rewrite_traceback_stack(source=source) > File > "/usr/pgadmin4/web/pgadmin/authenticate/mfa/templates/mfa/validate.html", > line 2, in top-level template code > {% set page_props = { > File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/app.py", line > 2020, in url_for > self.inject_url_defaults(endpoint, values) > File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/app.py", line > 2257, in inject_url_defaults > func(endpoint, values) > File "/usr/pgadmin4/web/pgadmin/__init__.py", line 883, in > add_internal_version > urls = [url for url in app.url_map.iter_rules(endpoint)] > File > "/usr/pgadmin4/venv/lib/python3.10/site-packages/werkzeug/routing/map.py", > line 164, in iter_rules > return iter(self._rules_by_endpoint[endpoint]) > KeyError: 'mfa.send_email_code' > > > On Thu, Jul 27, 2023 at 12:50 PM Aditya Toshniwal < > [email protected]> wrote: > >> Hi Christos, >> >> 2FA is applicable for server mode only. And I tested in server mode. I >> used pgAdmin default config. >> Can you please share the screenshot and logs for v7.5? >> >> On Thu, Jul 27, 2023 at 4:05 PM Christos Roussidis < >> [email protected]> wrote: >> >>> Hello Aditya, >>> >>> Thank you for your prompt response, >>> >>> Did it work on the desktop mode or in server mode? I face that problem >>> in the server mode. >>> >>> I will send you the configuration I have set >>> >>> OS: debian 11 >>> pgadmin4 version :7.3 (working, but error is being printed in logs), 7.5 >>> (not working) >>> config file location: /etc/pgadmin/config_system.py >>> >>> Contents of config file >>> >>> ########################################################################## >>> # Two-factor Authentication Configuration >>> >>> ########################################################################## >>> >>> # Set it to True, to enable the two-factor authentication >>> MFA_ENABLED = True >>> >>> # Set it to True, to ask the users to register forcefully for the >>> # two-authentication methods on logged-in. >>> MFA_FORCE_REGISTRATION = False >>> >>> # pgAdmin supports Two-factor authentication by either sending an >>> one-time code >>> # to an email, or using the TOTP based application like Google >>> Authenticator. >>> MFA_SUPPORTED_METHODS = ["authenticator"] >>> >>> # NOTE: Please set the 'Mail server settings' to use 'email' as >>> two-factor >>> # authentication method. >>> >>> # Subject for the email verification code >>> # Default: <APP_NAME> - Verification Code >>> # e.g. pgAdmin 4 - Verification Code >>> MFA_EMAIL_SUBJECT = None >>> >>> >>> These are all the settings that I have and experiencing the issue (also, >>> having postfix installed or not doesn't change anything as the issue >>> persists on two different machines) >>> >>> Thank you in advance. >>> Kind Regards, >>> Christos >>> >>> On Thu, Jul 27, 2023 at 12:27 PM Aditya Toshniwal < >>> [email protected]> wrote: >>> >>>> Hi Christos, >>>> >>>> I tried simply setting up 2FA without SMTP config and things worked >>>> fine. No email required and no errors. >>>> The password reset is required to send email as pgAdmin needs to send >>>> the reset link for the first "email with password" authentication. >>>> >>>> On Thu, Jul 27, 2023 at 3:34 PM Christos Roussidis < >>>> [email protected]> wrote: >>>> >>>>> Hello, >>>>> >>>>> I would like to ask you a question regarding the mail server. So when >>>>> running pgadmin4 in server mode it requires a mail server to send emails >>>>> for things like 2FA and password reset. >>>>> >>>>> It seems impossible though to disable that function. Our setup doesn't >>>>> need a mail server at all as we only use authenticator for the 2FA and >>>>> admins are able to configure passwords and change them for the rare case >>>>> that the user needs a reset on them. >>>>> >>>>> On version 7.3 I am getting in logs the error >>>>> > 2023-07-27 11:37:09,086: ERROR pgadmin: 'mfa.send_email_code' >>>>> >>>>> The above error on version 7.5 is not silent anymore and even breaks >>>>> our running pgadmin4 instance. It would really help if we had a toggle >>>>> switch in the settings where we could completely disable the mail server >>>>> functionality. >>>>> >>>>> Thank you in advance >>>>> >>>>> >>>> >>>> >>>> -- >>>> Thanks, >>>> Aditya Toshniwal >>>> pgAdmin Hacker | Sr. Software Architect | *enterprisedb.com* >>>> <https://www.enterprisedb.com/> >>>> "Don't Complain about Heat, Plant a TREE" >>>> >>> >> >> -- >> Thanks, >> Aditya Toshniwal >> pgAdmin Hacker | Sr. Software Architect | *enterprisedb.com* >> <https://www.enterprisedb.com/> >> "Don't Complain about Heat, Plant a TREE" >> > -- Thanks, Aditya Toshniwal pgAdmin Hacker | Sr. Software Architect | *enterprisedb.com* <https://www.enterprisedb.com/> "Don't Complain about Heat, Plant a TREE"
