MFA Blocks user to log-in/recover

Checklist
I have read intro post: https://community.passbolt.com/t/about-the-installation-issues-category/12
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue

Kube hosted version: passbolt:5.4.1-1-ce
Healthcheck is OK
Everything works OK
MFA enabled + replaced per user with company one TOTP

It has already happened twice that a user who had not logged in for a month after vacation time tried to log in/recover the account. Providing the passphrase & key file looped him in the process. As account recovery != password reset, they were unable to log in.
It's kinda a blocker point in any way in this situation for being able to assist the user.
Potential password loss is known when it's not shared, but still it would be more than welcome to have some reset possibility for the administrator.
Apart from deleting the account, there was only one thing possible from the admin side: try to disable their MFA.
That did the trick, account recovery done, MFA enabled back again.

I would consider this as a bug. Can you please check?
Let's see if it's going to happen again even when the users are active.
The only reasonable explanation for me is some irrelevant relation from MFA which is valid for 1 month per device.

Extra steps to be done:
admin → disable user's MFA
user → recover account
user → enable MFA
+ in our case
admin → replace MFA token with the existing TOTP company one
user → test/relogin with updated MFA

Regards
Zbynek
