I self-host a Matomo server instead of using Google Analytics.
Some time ago I suddenly lost the ability to log in, because my 2FA codes stopped working. In my great wisdom I also didn't save any recovery codes.
So here is how to recover from this situation, and what the main cause was.
First, if you don't have recovery codes, 2FA is not working, and you don't have any other admin user that can log in, you are basically screwed :) Unless! You self-host it and have access to a shell on the server. If you do, go to the main Matomo directory and issue this command:
./console twofactorauth:disable-2fa-for-user --login=YOUR_USER_NAME
So this worked:
u-SYS-mon02 :: /var/www/matomo » ./console twofactorauth:disable-2fa-for-user --login=admin
Disabled two-factor authentication for user: admin
Now I wanted to set it up again and find out what went wrong. And this time, save the damned codes to KeePass!
The first problem was that when setting up 2FA after the final OK there was an error about permissions to the /var/www/matomo/tmp/templates_c/ directory.
This was easily fixed with chmod for the group www in my case.
I tried again to enable 2FA with Authy, and this time I constantly got: Wrong authentication code. Please try again.
Since Matomo uses TOTP, I checked what time the server was using, and to my surprise, the server was one hour ahead of the current time.
ntpdate didn't help, and this was because my timezone was left at the default UTC... instead of proper GMT that can change to daytime.
I changed the time zone by unlinking UTC and linking Europe/Warsaw:
Fri Jan 12 10:37:31 UTC 2024
» unlink /etc/localtime
» ln -s /usr/share/zoneinfo/Europe/Warsaw /etc/localtime
Fri Jan 12 11:40:05 CET 2024
After this change, 2FA could be set up again and accepted my one-time code from Authy!
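
Why a one-hour clock difference produces "Wrong authentication code", as an added example (not from the original post and not Matomo's code): TOTP (RFC 6238) derives its counter from Unix time in 30-second steps, so one hour is 120 steps away from what the authenticator app computes. The sketch assumes the common authenticator defaults (HMAC-SHA1, 6 digits, 30 s step, ±1 step tolerance) and uses the RFC 6238 test secret; `find_skew` is a hypothetical diagnostic helper.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP step (assumed default)
DIGITS = 6   # code length (assumed default)
# RFC 6238 test secret "12345678901234567890", base32-encoded (constructed sample)
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time):
    """RFC 6238 code for a given Unix time (seconds since the epoch, UTC)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, code, server_time, window=1):
    """Server-side check: accept codes within +/- `window` steps of the server clock."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + d * STEP), code)
        for d in range(-window, window + 1)
    )


def find_skew(secret_b32, code, server_time, max_steps=240):
    """Return seconds the server clock is ahead (+) or behind (-) of the
    clock that produced `code`, searching outward from zero; None if not found."""
    for n in range(max_steps + 1):
        for d in (n, -n):
            if hmac.compare_digest(totp(secret_b32, server_time - d * STEP), code):
                return d * STEP
    return None


if __name__ == "__main__":
    phone_time = 1111111109              # constructed: when the app showed the code
    code = totp(SECRET, phone_time)      # what the authenticator displays
    server_time = phone_time + 3600      # server clock one hour ahead
    print("accepted with correct clock:", verify(SECRET, code, phone_time))
    print("accepted with skewed clock: ", verify(SECRET, code, server_time))
    print("detected skew (seconds):    ", find_skew(SECRET, code, server_time))
```

Running `find_skew` with the enrolled secret and a freshly displayed code shows how far the server clock is from the authenticator's before you start changing time settings.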