2FA auth slider is missing?

Using a self-hosted instance of Ghost, on 5.116.1. The 2fa feature doesn’t appear to be available, and can’t see a labs toggle for it either. Checked to see if it was an alpha lab on a local development instance on Ghost, also on 5.116.1 with enableDeveloperExperiments set to true in the settings file. Still no luck.

From what I’ve looked at though, it is marked as a normal experiment flag (and not alpha) currently, unsure why it’s not appearing on either instance though, if anyone can help me out? Thanks!

EDIT: I’m unsure of the current planned/beta MFA implementation by Ghost, but it would definitely be important to see TOTPs instead of just email MFA, and potentially WebAuthn (/passkeys)?

I think you’re missing it because it isn’t in beta any more. You can tweak the behavior on the staff page (ghost > settings > staff).

Following @carolina's issue - I am having the same error. Not in alpha, beta, or staff features. (Using Ghost Self Hosted, Version: 5.116.1)

@Cathy_Sarisky Do you see it?

I still see staff2fa as a beta feature. It looks like the switch was removed from the alpha features UI, but not added to the beta features UI. I’m not sure if that’s intentional.

PR: promote to beta, remove alpha UI
history BetaFeatures UI

Enabling the lab using the API and refreshing the page shows the toggle in /ghost/#/settings/staff


How do I enable this via the API?

The way I did it isn’t straightforward - I changed a different lab, copied the fetch request, and re-ran it with the staff2fa lab added

What fetch request? Is it in the developer console somewhere?

I figured it out - sent the request and got it enabled :smiley:

Thank you

Can the Owner turn on 2FA?

Or only Admin and other roles?

Yeah this seems to be the case. I’ve opened an issue and PR just in case, but otherwise enabling it through the API seems to do the trick.

For those wondering how to do it by the API, here are the steps I took:

  1. Go to your ghost admin panel, and press the settings button, scroll down to labs and press open.
  2. Open the developer console and navigate to the network tab. Then, clear the existing things in the network tab.
  3. Toggle one of the labs.
  4. Look for the PUT request in the network tab, which should be made to the endpoint /ghost/api/admin/settings/.
  5. Copy the body, and then append \"staff2fa\":true, for example, my body:

     ```json
     {
       "settings": [
         {
           "key": "labs",
           "value": "{\"superEditors\":true,\"ActivityPub\":false,\"editorExcerpt\":false,\"audienceFeedback\":true,\"i18n\":true,\"themeErrorsNotification\":true,\"announcementBar\":true,\"customFonts\":true,\"contentVisibility\":true,\"members\":true,\"staff2fa\":true}"
         }
       ]
     }
     ```
  6. Use this as your body for your HTTP request to the API.
  7. Back in the network tab, under that same PUT request, look for the request headers section, and then the cookie header, which should look something like this:
     Quick disclaimer, please please please never share this cookie with anyone.

     ```
     cookie: ghost-admin-api-session=...
     ```
  8. For your HTTP request to the API, set the header with the key Cookie to the content of the header we discovered above (ghost-admin-api-session=...).
  9. Use this information and make a PUT HTTP request to the endpoint https://yoursite.example/ghost/api/admin/settings/ (changing the domain to your site’s domain).
  10. The lab should now be enabled, and you should be able to enable the two-factor authentication feature under the “Staff” section of your admin settings page.

This may or may not be the best way to go about this, but it is what worked for me. If you are unsure as to how to do this despite the instructions, it may be the best idea to err on the side of caution and wait until either the 2fa feature fully releases (presumably soon), or the switch is added to the beta labs section of the admin page.

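The body edit from the steps above, as an added example that is not part of the original posts and not Ghost's own code: it decodes the double-encoded labs value, sets the flag, and re-encodes it, which avoids hand-editing the escaped string. The names `withLabFlag` and `putLabs` are hypothetical, the sample body is constructed in the shape quoted in the thread, and the `Content-Type` header and running from the logged-in admin tab's console (so the session cookie is never copied anywhere) are assumptions.

```javascript
// Constructed sample, shaped like the captured PUT body quoted in the thread.
const CAPTURED_BODY = JSON.stringify({
  settings: [{
    key: "labs",
    value: JSON.stringify({ superEditors: true, ActivityPub: false, members: true }),
  }],
});

// Return a new request body with one lab flag set, leaving the other flags
// and any other settings entries untouched.
function withLabFlag(bodyText, flag, enabled) {
  const body = JSON.parse(bodyText);
  if (!body || !Array.isArray(body.settings)) {
    throw new Error("captured body has no settings array");
  }
  const labs = body.settings.find((s) => s.key === "labs");
  if (!labs || typeof labs.value !== "string") {
    throw new Error("captured body has no labs setting");
  }
  // The labs value is itself a JSON document stored as a string, so it is
  // decoded, edited as an object, and re-encoded instead of edited by hand.
  const flags = JSON.parse(labs.value);
  if (flags === null || typeof flags !== "object" || Array.isArray(flags)) {
    throw new Error("labs value is not a JSON object");
  }
  flags[flag] = Boolean(enabled);
  labs.value = JSON.stringify(flags);
  return JSON.stringify(body);
}

// Assumption: called from the console of the logged-in admin tab, so the
// browser attaches the session cookie itself. Assumption: Content-Type is
// the only extra header needed; copy others from your captured request.
// Defined only; nothing is sent until you call it.
async function putLabs(bodyText) {
  const res = await fetch("/ghost/api/admin/settings/", {
    method: "PUT",
    credentials: "include",
    headers: { "Content-Type": "application/json" },
    body: bodyText,
  });
  if (!res.ok) throw new Error(`settings update failed: HTTP ${res.status}`);
  return res.json();
}
```

Pass the body copied from your own captured request to `withLabFlag(body, "staff2fa", true)` and hand the result to `putLabs`.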