Feature addition: Multi-Factor Authentication #401

Merged
merged 92 commits into from
Mar 29, 2025
9c748f3
Ported from branch OIDC
chesspro13 Sep 7, 2024
e232c66
TOTP working
chesspro13 Sep 7, 2024
37b4bf6
Fixed login errors
chesspro13 Sep 7, 2024
494721f
Changed Verification order.
chesspro13 Sep 7, 2024
1a8625b
Added package-lock.json
chesspro13 Sep 7, 2024
c74da18
OAuth working
chesspro13 Sep 7, 2024
df3cbf8
Removed references to disconnecting OpenID Accounts. For now.
chesspro13 Sep 7, 2024
d763960
Removed unused script
chesspro13 Sep 7, 2024
13937a2
Removed outdated comments
chesspro13 Sep 7, 2024
9dd185e
Removed unused files/code/imports/comments.
chesspro13 Sep 7, 2024
ede7bbd
Fixed recovery code refresh bug.
chesspro13 Sep 7, 2024
06da11f
Disabled TOTP checkbox
chesspro13 Sep 7, 2024
55b0f0e
Simplified .env
chesspro13 Sep 7, 2024
d8c8fe0
Added check for running both OpenID and TOTP at the same time.
chesspro13 Sep 9, 2024
953f539
Changed wording from "Regerate TOTP Secret" to "Generate TOTP Secret"
chesspro13 Sep 9, 2024
fa5c5ce
Added OpenID and TOTP to readme
chesspro13 Sep 9, 2024
2e21a45
Merge branch 'develop' into feature/MFA
chesspro13 Sep 9, 2024
d928202
Fixed problem with using existing databases.
chesspro13 Sep 14, 2024
120f167
Removed unused import
chesspro13 Sep 14, 2024
2eb4d4f
Merge remote-tracking branch 'origin/develop' into feature/MFA
eliandoran Dec 24, 2024
e20e53f
feat(client/mfa): improve layout by separating into multiple sections
eliandoran Dec 24, 2024
0916d87
feat(client/mfa): improve headings
eliandoran Dec 24, 2024
8df1e32
Merge branch 'develop' into feature/MFA
JYC333 Mar 22, 2025
fdc10d0
feat: 🎸 fix ts error
JYC333 Mar 22, 2025
0871d16
feat: 🎸 remove conflict code
JYC333 Mar 22, 2025
b320553
feat: 🎸 fix open_id error
JYC333 Mar 22, 2025
c8164c8
feat: 🎸 fix recovery_codes error
JYC333 Mar 22, 2025
9d49546
feat: 🎸 Fix ts compile error
JYC333 Mar 22, 2025
c3d3ab4
Merge branch 'develop' into feature/MFA
JYC333 Mar 22, 2025
54a5f81
feat: 🎸 Fix option definitions
JYC333 Mar 22, 2025
717ad3b
feat: 🎸 Port MFA to ts
JYC333 Mar 22, 2025
e3fb871
feat: 🎸 Reformat MFA option page
JYC333 Mar 22, 2025
f42ecb2
Merge branch 'develop' into feature/MFA
JYC333 Mar 22, 2025
8d7339b
feat: 🎸 Use i18n for text, remove unused vars
JYC333 Mar 25, 2025
94cd54f
feat: 🎸 Use ini file to configure MFA
JYC333 Mar 25, 2025
924044a
feat: 🎸 Remove dotenv dep
JYC333 Mar 25, 2025
3fa89b2
feat: 🎸 Remove unused gitignore file
JYC333 Mar 25, 2025
ae794a5
feat: 🎸 Use config.ini configure
JYC333 Mar 25, 2025
1afccb4
feat: 🎸 Fix app start error with MFA configs
JYC333 Mar 25, 2025
c2a6d51
feat: 🎸 Better naming for vars
JYC333 Mar 25, 2025
c1ed471
feat: 🎸 Ask user to login if any MFA configs are changed
JYC333 Mar 25, 2025
8f157e0
feat: 🎸 Show correct login error to user
JYC333 Mar 25, 2025
083ee5d
feat: 🎸 Fix TOTP not load correctly
JYC333 Mar 25, 2025
e957a17
feat: 🎸 Separate auth check
JYC333 Mar 25, 2025
a30695b
feat: 🎸 Remove redundant check auth
JYC333 Mar 26, 2025
886e63f
feat: 🎸 Add SSO login button
JYC333 Mar 26, 2025
4762287
feat: 🎸 Remove redundant func
JYC333 Mar 26, 2025
d4b657e
feat: 🎸 Fix import naming
JYC333 Mar 26, 2025
f2a2965
feat: 🎸 Fix SSO login
JYC333 Mar 26, 2025
979000c
feat: 🎸 Fix recovery key error
JYC333 Mar 26, 2025
4959dbf
feat: 🎸 Improve TOTP setting page
JYC333 Mar 26, 2025
e2ea6f9
feat: 🎸 Add CN translation
JYC333 Mar 26, 2025
ce05332
feat: 🎸 Format code
JYC333 Mar 26, 2025
7024166
feat: 🎸 Add CN translation
JYC333 Mar 26, 2025
d010e6c
Merge branch 'develop' into feature/MFA
JYC333 Mar 26, 2025
347c644
Merge branch 'develop' into feature/MFA
JYC333 Mar 26, 2025
0741c85
feat: 🎸 fix electron login logic
JYC333 Mar 26, 2025
6472268
feat: 🎸 Disable MFA on electron instance
JYC333 Mar 26, 2025
cd5bfcf
Merge branch 'develop' into feature/MFA
eliandoran Mar 26, 2025
d42b839
feat: 🎸 init move mfa option
JYC333 Mar 27, 2025
d92fa82
feat: 🎸 set option status
JYC333 Mar 28, 2025
d4cd0e8
feat: 🎸 restyle option page
JYC333 Mar 28, 2025
04cbe9d
style: 💄 restyle
JYC333 Mar 28, 2025
18a417a
feat: 🎸 add totp encryption
JYC333 Mar 28, 2025
687d506
refactor: 💡 rename error class
JYC333 Mar 28, 2025
5742d30
feat: 🎸 move totp services to encryption logic
JYC333 Mar 28, 2025
ea7fbb1
fix: 🐛 init error with totp
JYC333 Mar 28, 2025
c921982
feat: 🎸 set generate totp function
JYC333 Mar 28, 2025
243d7d0
feat: 🎸 remove totp config
JYC333 Mar 28, 2025
c217ccd
feat: 🎸 remove totp from config
JYC333 Mar 28, 2025
332de4e
feat: 🎸 add subtree translation
JYC333 Mar 28, 2025
7929aaf
feat: 🎸 return missing vars for oauth
JYC333 Mar 28, 2025
44c8b7d
feat: 🎸 improve oauth option page
JYC333 Mar 28, 2025
2bd408c
feat: 🎸 better instruction
JYC333 Mar 28, 2025
5987ded
Merge branch 'develop' into feature/MFA
JYC333 Mar 28, 2025
bde58e5
fix: 🐛 fix login error
JYC333 Mar 28, 2025
aaecb43
fix: 🐛 fix oauth logout error
JYC333 Mar 28, 2025
f19ec9b
fix: 🐛 fix open id check error
JYC333 Mar 28, 2025
cb3627e
chore: 🤖 better totp instruction
JYC333 Mar 28, 2025
b51814a
fix: 🐛 remove oauth default config
JYC333 Mar 28, 2025
121f297
chore: 🤖 better oauth instruction
JYC333 Mar 28, 2025
797ed2a
Merge branch 'develop' into feature/MFA
JYC333 Mar 28, 2025
25aa08b
chore: 🤖 fix lock file
JYC333 Mar 28, 2025
4cde925
style(options/mfa): use admonitions
eliandoran Mar 28, 2025
f743cfc
fix(options/mfa): double colons in warning
eliandoran Mar 28, 2025
bd092e0
chore(i18n): typo
eliandoran Mar 28, 2025
2eeb376
refactor: 💡 fix typo and improve code quality
JYC333 Mar 29, 2025
77f62b9
refactor: 💡 refact recovery code
JYC333 Mar 29, 2025
02c4a26
feat: 🎸 upgrade db version
JYC333 Mar 29, 2025
a8e37b5
Merge branch 'develop' into feature/MFA
JYC333 Mar 29, 2025
17b4bfc
chore: 🤖 improve instruction
JYC333 Mar 29, 2025
ed58be1
Merge branch 'develop' into feature/MFA
JYC333 Mar 29, 2025
2 changes: 1 addition & 1 deletion .gitignore
@@ -42,4 +42,4 @@ data-docs/backup
data-docs/log
data-docs/session
data-docs/session_secret.txt
data-docs/document.*
data-docs/document.*
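Review bot: the `data-docs/document.*` line appears twice at the end of this hunk with identical text, which for a one-addition, one-deletion change means only whitespace or the end-of-file newline differs. That is unrelated to MFA; revert it or move it to a separate cleanup commit so the feature diff stays focused.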
1 change: 1 addition & 0 deletions README.md
@@ -37,6 +37,7 @@ Feel free to join our official conversations. We would love to hear what feature
* Fast and easy [navigation between notes](https://triliumnext.github.io/Docs/Wiki/note-navigation), full text search and [note hoisting](https://triliumnext.github.io/Docs/Wiki/note-hoisting)
* Seamless [note versioning](https://triliumnext.github.io/Docs/Wiki/note-revisions)
* Note [attributes](https://triliumnext.github.io/Docs/Wiki/attributes) can be used for note organization, querying and advanced [scripting](https://triliumnext.github.io/Docs/Wiki/scripts)
* Direct OpenID and TOTP integration for more secure login
* [Synchronization](https://triliumnext.github.io/Docs/Wiki/synchronization) with self-hosted sync server
* there's a [3rd party service for hosting synchronisation server](https://trilium.cc/paid-hosting)
* [Sharing](https://triliumnext.github.io/Docs/Wiki/sharing) (publishing) notes to public internet
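Review bot: the new bullet `Direct OpenID and TOTP integration for more secure login` links to no documentation, unlike the neighbouring bullets in this hunk, so a reader has no pointer to how either method is enabled. Link it to the setup page for these options, and replace "Direct" with wording that says what is actually offered (OpenID login, TOTP as a second factor).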
15 changes: 14 additions & 1 deletion config-sample.ini
@@ -43,4 +43,17 @@ cookieMaxAge=1814400
[Sync]
#syncServerHost=
#syncServerTimeout=
#syncServerProxy=
#syncServerProxy=

[MultiFactorAuthentication]
# Set the base URL for OAuth/OpenID authentication
# This is the URL of the service that will be used to verify the user's identity
oauthBaseUrl=

# Set the client ID for OAuth/OpenID authentication
# This is the ID of the client that will be used to verify the user's identity
oauthClientId=

# Set the client secret for OAuth/OpenID authentication
# This is the secret of the client that will be used to verify the user's identity
oauthClientSecret=
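Review bot: `oauthClientSecret=` puts a long-lived credential in a plaintext config file, and the sample says nothing about protecting it; add a comment telling operators to keep the file readable only by the account that runs the server and out of version control and backups that are shared. The comment on `oauthBaseUrl` also does not say whether it expects the identity provider's URL or this server's own public URL, and all three comments repeat nearly the same second sentence; state the expected value and format for each key. For consistency with `[Sync]` above, where unset keys are commented out, consider shipping these as `#oauthBaseUrl=` and so on.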
14 changes: 14 additions & 0 deletions db/migrations/0229__add_oauth_user_data_table.sql
@@ -0,0 +1,14 @@
-- Add the oauth user data table
CREATE TABLE IF NOT EXISTS "user_data"
(
tmpID INT,
username TEXT,
email TEXT,
userIDEncryptedDataKey TEXT,
userIDVerificationHash TEXT,
salt TEXT,
derivedKey TEXT,
isSetup TEXT DEFAULT "false",
UNIQUE (tmpID),
PRIMARY KEY (tmpID)
);
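Review bot: `isSetup TEXT DEFAULT "false"` uses a double-quoted value, which SQL treats as an identifier; SQLite (which Trilium uses) accepts it as a string only through a compatibility fallback, so write `DEFAULT 'false'` or store the flag as `INT DEFAULT 0`. `UNIQUE (tmpID)` is redundant next to `PRIMARY KEY (tmpID)`, and in SQLite a column declared `INT` with a primary key is not a rowid alias and can hold NULL; declaring it `tmpID INTEGER` or adding `NOT NULL` avoids that. The name `tmpID` also suggests a placeholder; rename it before the schema ships if a permanent identifier is intended.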
13 changes: 13 additions & 0 deletions db/schema.sql
@@ -126,6 +126,19 @@ CREATE TABLE IF NOT EXISTS "attachments"
utcDateScheduledForErasureSince TEXT DEFAULT NULL,
isDeleted INT not null,
deleteId TEXT DEFAULT NULL);
CREATE TABLE IF NOT EXISTS "user_data"
(
tmpID INT,
username TEXT,
email TEXT,
userIDEncryptedDataKey TEXT,
userIDVerificationHash TEXT,
salt TEXT,
derivedKey TEXT,
isSetup TEXT DEFAULT "false",
UNIQUE (tmpID),
PRIMARY KEY (tmpID)
);
CREATE INDEX IDX_attachments_ownerId_role
on attachments (ownerId, role);
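Review bot: the `user_data` columns `salt`, `derivedKey`, `userIDEncryptedDataKey` and `userIDVerificationHash` are added with no comment on what each holds, and storing `derivedKey` in the same row as `salt` and the encrypted data key needs a justification: if that key is what unwraps `userIDEncryptedDataKey`, anyone who can read the database file can unwrap it too. Document each column's role and, if `derivedKey` is an encryption key and not a verifier, derive it at login instead of persisting it. This definition must also stay identical to the one in migration 0229, so any change to one needs to be mirrored in the other.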

7 changes: 7 additions & 0 deletions images/google-logo.svg