Skip to content

[Bug]: Personal background appears before 2FA is completed #35219

New issue
New issue
Open
Open
[Bug]: Personal background appears before 2FA is completed#35219
Labels
1. to developAccepted and waiting to be taken care of25-feedbackbugfeature: authenticationfeature: themingprivacy
@m4lvin

Description

@m4lvin
m4lvin
opened on Nov 16, 2022

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

I use the "TOTP (Authenticator app)" as second factor authentication (2FA).

After entering the correct password, on the URL /login/challenge/totp nextcloud already uses the custom background of the user trying to log in, and not the default background which is used at the log in form.

Steps to reproduce

  1. Enable TOTP.
  2. Enable a personal background or custom color.
  3. Log out.
  4. Log in, get asked for the otp.

Expected behavior

The default background should still be used until I have completed the log in. Someone who does not have the otp should not be able to see my personal background or custom color.

Installation method

Community Manual installation with Archive

Operating system

Debian/Ubuntu

PHP engine version

PHP 7.4

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Updated to a major version (ex. 22.2.3 to 23.0.1)

Are you using the Nextcloud Server Encryption module?

No response

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

Enabled:
  - activity: 2.17.0
  - calendar: 4.1.0
  - circles: 25.0.0
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contacts: 5.0.1
  - contactsinteraction: 1.6.0
  - dashboard: 7.5.0
  - dav: 1.24.0
  - external: 5.0.0
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.1
  - files_external: 1.17.0
  - files_pdfviewer: 2.6.0
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - gpoddersync: 3.7.1
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - news: 19.0.0
  - notes: 4.6.0
  - notifications: 2.13.1
  - oauth2: 1.13.0
  - password_policy: 1.15.0
  - photos: 2.0.0
  - privacy: 1.9.0
  - provisioning_api: 1.15.0
  - recommendations: 1.4.0
  - related_resources: 1.0.3
  - serverinfo: 1.15.0
  - settings: 1.7.0
  - spreed: 15.0.1
  - support: 1.8.0
  - systemtags: 1.15.0
  - tasks: 0.14.5
  - text: 3.6.0
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - twofactor_totp: 7.0.0
  - updatenotification: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - weather_status: 1.5.0
  - workflowengine: 2.7.0
Disabled:
  - admin_audit
  - bruteforcesettings: 2.0.1
  - encryption
  - firstrunwizard: 1.0
  - impersonate: 1.11.0
  - nextcloud_announcements: 1.0
  - phonetrack: 0.7.2
  - sharebymail: 1.5.0
  - survey_client: 0.1.5
  - suspicious_login
  - user_ldap

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    1. to developAccepted and waiting to be taken care of25-feedbackbugfeature: authenticationfeature: themingprivacy

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions