UsingWW: Two factor auth

Don't change the defaults.config file. Instead change the localOverrides.conf file.

If $twoFA{enabled} = 0 is set in the localOverrides.conf file, then it will not ask you for the code. There is also the possibility that $twoFA{enabled} = 1 is set in the course.conf or simple.conf file for the admin course, so check that also. That would override what is set in the other files.

Also, you can reset the OTP secret for an admin user from the command line using the bin/reset2fa wwsh script. To use it execute wwsh /opt/webwork/webwork2/bin/reset2fa admin_course_id user_id where admin_course_id is the id of your admin course and user_id is your user id. Note that there can not be a way to reset your own user's OTP secret from the browser UI as that would be a security vulnerability. Hence the script.

Two factor auth

by Alexander Gavrilyuk - Sunday, 10 August 2025, 1:37 PM

I found localOverrides.conf.dist (not localOverrides.conf), made a copy of it and renamed it localOverrides.conf. It is almost completely commented out. I added a line "$twoFA[enabled]=0;" but it did not affect anything.

I could not find course.conf and simple.conf.

Two factor auth

by Glenn Rice - Sunday, 10 August 2025, 3:30 PM

If you didn't have a localOverrides.conf file, then a step was missed in installation. You did that step now if you copied the dist file.

The course.conf and simple.conf files would be located in the course's directory. If setting $twoFA{enabled} = 0 didn't stop two factor authentication (make sure those are braces and not brackets as you used in your last comment), then look there. Either that or you have something else wrong with your setup. The fact that you didn't have a localOverrides.conf file indicates something wasn't done right when WeBWorK was installed.

Two factor auth

by Alexander Gavrilyuk - Monday, 11 August 2025, 1:53 AM

Thanks, here is what I've tried: there is no course's directory (there is 'courses.dist', which only contains *.lst files). I created a directory 'courses' and two files in it: course.conf and simple.conf, both consisting of just one line $twoFA{enabled} = 0. Again, it didn't stop two factor authentication.
I haven't tried yet to reset the OTP secret, as executing this script requires installing Mojo.

Two factor auth

by Glenn Rice - Monday, 11 August 2025, 7:04 AM

Each course has its own directory. They are all located in /opt/webwork/courses. For the default admin course, it's course directory would be /opt/webwork/courses/admin. The course.conf and simple.conf files would be located there. Don't create them if they don't exist. You don't need them. The point is that if they do exist, then they might have settings that are overriding what is in localOverrides.conf which you don't want.

If you don't have Mojolicious installed, then you can't do anything with WeBWorK. So install that now. Note that Mojo is the base namespace for everything in the Mojolicious stack, and if you have Mojolicious installed, then you have the stack installed also. If you can run webwork, then you can run the wwsh script. If you can't run the wwsh script, then you also can't run webwork in general. So that is a problem.

Two factor auth

by Alexander Gavrilyuk - Monday, 11 August 2025, 2:11 PM

Ok, I've installed Mojolicious and tried to execute wwsh. Got the following message:
"Can't locate Date/Format.pm in @INC (you may need to install the Date::Format module) (@INC contains: /home/webwork-admin/webwork2/lib /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /home/webwork-admin/webwork2/lib/WeBWorK/Debug.pm line 22.
BEGIN failed--compilation aborted at /home/webwork-admin/webwork2/lib/WeBWorK/Debug.pm line 22.
Compilation failed in require at /home/webwork-admin/webwork2/lib/WeBWorK/CourseEnvironment.pm line 60.
BEGIN failed--compilation aborted at /home/webwork-admin/webwork2/lib/WeBWorK/CourseEnvironment.pm line 60.
Compilation failed in require at wwsh line 38.
BEGIN failed--compilation aborted at wwsh line 38."

Two factor auth

by Alex Jordan - Monday, 11 August 2025, 2:56 PM

The message says "you may need to install the Date::Format module".

To get a complete list of which perl modules are missing from your system, run bin/check_modules.pl. This is part of the installation steps, and I recommend reviewing the installation steps to see what else may have been missed.

Two factor auth

by Alexander Gavrilyuk - Monday, 11 August 2025, 3:31 PM

Thanks (and sorry, the installation step was done by someone else, so I don't know the details).
I installed missing modules and now wwsh says: "You must pass scriptFile in as a path to the file at ./bin/wwsh line 49."