Remove Two-Factor Authentication for SOGo

[MauritiusPohl]

Prior to placing the issue, please check following: (fill out each checkbox with an X once done)

• I understand that not following or deleting the below instructions will result in immediate closure and/or deletion of my issue.
• I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• I have understood that answers are voluntary and community-driven, and not commercial support.
• I have verified that my issue has not been already answered in the past. I also checked previous issues.

Summary

In the documention it is explained how to reset 2FA for Sogo:
https://mailcow.github.io/mailcow-dockerized-docs/troubleshooting/debug-reset_pw/
but this command did not work.
I searched a little bit and found the following solution:
https://sandstorm.de/de/blog/post/how-to-reset-u2f-for-sogo-user-in-mailcow.html
i changed the SQL Statement to the the new database shema:

UPDATE sogo_user_profile
  SET c_defaults = REPLACE(
    c_defaults,
    "\"SOGoTOTPEnabled\": 1",
    "\"SOGoTOTPEnabled\": 0")
  WHERE c_uid = "[email protected]";

This works.Is it possible to create an script for to this?
Definitely the documention should be updated.

Logs

Reproduction

I tried also following command but that did not work:
docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults [email protected] SOGoTOTPEnabled '{"SOGoTOTPEnabled":0}'

System information

Question	Answer
My operating system	Debian 11
Is Apparmor, SELinux or similar active?	No
Virtualization technlogy (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported	KVM
Server/VM specifications (Memory, CPU Cores)	16GB, 6Cores
Docker Version (docker version)	20.10.12
Docker-Compose Version (docker-compose version)	1.29.2
Reverse proxy (custom solution)	NGINX

• Output of git diff origin/master, any other changes to the code? If so, please post them.
• All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn, ip6tables -L -vn, iptables -L -vn -t nat and ip6tables -L -vn -t nat.
• DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output.

[MAGICCC]

Hm thats strange.
Indeed SOGo changed the name of the field to SOGoTOTPEnabled in Alinto/sogo@20b2fd5 https://www.sogo.nu/bugs/view.php?id=5294, https://newreleases.io/project/github/inverse-inc/sogo/release/SOGo-5.2.0
I just tried on my server docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults [email protected] SOGoTOTPEnabled '{"SOGoTOTPEnabled":0}' and it removes the 2FA

[MauritiusPohl]

For me only the SQL Statement works.
When i try
docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults [email protected] SOGoTOTPEnabled '{"SOGoTOTPEnabled":0}'
it did not work and i get no error.
When i try
docker-compose exec sogo-mailcow /bin/bash sogo-tool user-preferences set defaults [email protected] SOGoTOTPEnabled '{"SOGoTOTPEnabled":0}'
I got the following error:
2022-02-26 18:15:17.619 sogo-tool[244:244] ERROR(+[GCSFolderManager defaultFolderManager]): default 'OCSFolderInfoURL' is not configured. <0x0x55b036e8ed50[SOGoCache]> Cache cleanup interval set every 900.000000 seconds <0x0x55b036e8ed50[SOGoCache]> Using host(s) 'memcached' as server(s) <0x0x55b036e2a470[SOGoUserManager]> No authentication sources defined - nobody will be able to login. Check your defaults. <0x0x55b036e00950[SOGoSQLUserProfile]> failed to acquire channel for URL: (null)

[MAGICCC]

Sorry, I cant reproduce this on another installation. I do not get any logs if it's successful too btw but I can toggle the 2FA using sogo-tool running as sogo user in the container.

[milkmaker]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[mpohoda]

correct command is:

#enter mysql-container
cd /opt/mailcow-dockerized/
docker-compose exec mysql-mailcow /bin/bash
mysql -u $MYSQL_USER -p$MYSQL_PASSWORD
-- select database
USE mailcow;
-- look at current settings
SELECT *
FROM sogo_user_profile
WHERE c_uid = "[email protected]";
-- disable 2FA
UPDATE sogo_user_profile
SET c_defaults = REPLACE(
c_defaults,
"\\"SOGoTOTPEnabled\\": 1",
"\\"SOGoTOTPEnabled\\": 0")
WHERE c_uid = "[email protected]";
-- bye
QUIT;
#leave mysql-container
exit
#restart SOGo
#(also possible in Mailcow UI)
docker-compose restart sogo-mailcow

very important is correct place backslash between quotes in UPDATE/SET command

[botsarenthuman]

Same here, when trying the sogo-tool, I get these errors:

2023-06-15 23:16:26.352 sogo-tool[2501:2501] ERROR(+[GCSFolderManager defaultFolderManager]): default 'OCSFolderInfoURL' is not configured.
<0x0x55682de75b90[SOGoCache]> Cache cleanup interval set every 900.000000 seconds
<0x0x55682de75b90[SOGoCache]> Using host(s) 'memcached' as server(s)
<0x0x55682de06cb0[SOGoUserManager]> No authentication sources defined - nobody will be able to login. Check your defaults.
<0x0x55682ddf5200[SOGoSQLUserProfile]> failed to acquire channel for URL: (null)

Edit: fixed by running as the Sogo user