
2FA (TOTP and U2F) on a per user basis #861

Open
jtraulle opened this issue Jan 19, 2020 · 3 comments

Comments

@jtraulle
Contributor

Hello,

This is related to #404 😉

It would be great if both U2F and TOTP second factor authentication could be enabled on a per user basis.

Right now, when it is enabled, all users must use it (however some users do not have a U2F security key or a smartphone, so they cannot or do not want to add this second layer of security).

@rochamarcelo
Collaborator

It's a good feature and should not be hard to achieve since we can extend the https://github.com/CakeDC/auth/blob/6.next/src/Authentication/DefaultU2fAuthenticationChecker.php

@viniciusbig

viniciusbig commented Sep 28, 2020

I've coded that in my app

Something like that:

Add a new field in the users table to hold this configuration

// migration file (class and file name are assumed; CakePHP migrations need the class wrapper)
use Migrations\AbstractMigration;

class AddTwoStepsToUsers extends AbstractMigration
{
    public function change()
    {
        $table = $this->table('users');
        // per-user opt-in flag; existing accounts default to "off"
        $table->addColumn('two_steps', 'boolean', [
            'default' => 0,
            'null' => false,
        ]);
        $table->update();
    }
}

creating a new checker

// src/Authentication/DefaultOneTimePasswordAuthenticationChecker.php
declare(strict_types=1);

namespace App\Authentication;

use CakeDC\Auth\Authentication\DefaultOneTimePasswordAuthenticationChecker as CakeDCAuthentication;

/**
 * Default class to check if two factor authentication is enabled and required
 *
 * @package App\Authentication
 */
class DefaultOneTimePasswordAuthenticationChecker extends CakeDCAuthentication
{
    /**
     * Check if two factor authentication is required for a user
     *
     * The plugin-wide check still applies; on top of it the user's own
     * `two_steps` flag decides whether the second factor is enforced.
     *
     * @param array|null $user user data
     *
     * @return bool
     */
    public function isRequired(?array $user = null): bool
    {
        return parent::isRequired($user) && !empty($user['two_steps']);
    }
}

Configuring your user.php to use the new checker

$config = [
    'OneTimePasswordAuthenticator' => [
        // custom checker to skip 2FA by user settings
        'checker' => \App\Authentication\DefaultOneTimePasswordAuthenticationChecker::class,
    ],
];

this should be enough!

But I agree this should be added on the plugin itself =)
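As an added example (not code from this thread or from the CakeDC plugins), the same idea carried over to both checkers the issue asks for, with one difference from the snippet above: a user row that lacks the `two_steps` key is treated as "required" rather than "skip", so a finder that forgets to select the column cannot silently turn the second factor off. It assumes CakeDC\Auth's DefaultU2fAuthenticationChecker exposes the same isRequired(?array $user = null): bool method as the OTP checker; the U2F config key is not shown here because this page does not name it.

```php
<?php
declare(strict_types=1);

namespace App\Authentication;

use CakeDC\Auth\Authentication\DefaultOneTimePasswordAuthenticationChecker as BaseOtpChecker;
use CakeDC\Auth\Authentication\DefaultU2fAuthenticationChecker as BaseU2fChecker;

/**
 * Per-user gate shared by both second-factor checkers (assumed helper,
 * not part of the plugin). Put each class below in its own file for PSR-4.
 */
trait PerUserSecondFactor
{
    private function userOptedIn(?array $user): bool
    {
        if ($user === null) {
            // No user data yet: leave the verdict to the parent checker.
            return true;
        }
        if (!array_key_exists('two_steps', $user)) {
            // Fail closed: unknown preference means the factor stays required.
            return true;
        }
        return (bool)$user['two_steps'];
    }
}

class PerUserOneTimePasswordChecker extends BaseOtpChecker
{
    use PerUserSecondFactor;

    public function isRequired(?array $user = null): bool
    {
        // Plugin-wide switch first, then the user's own opt-in flag.
        return parent::isRequired($user) && $this->userOptedIn($user);
    }
}

class PerUserU2fChecker extends BaseU2fChecker
{
    use PerUserSecondFactor;

    public function isRequired(?array $user = null): bool
    {
        return parent::isRequired($user) && $this->userOptedIn($user);
    }
}
```

The OTP class is wired in through the same `OneTimePasswordAuthenticator.checker` key shown above; a user who has opted out gets plain password login, everyone else (including rows where the flag was not loaded) still has to present the second factor.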

@LordSimal
Contributor

LordSimal commented Mar 11, 2022

@viniciusbig solution works like a charm, even with latest CakeDC/Users 11 version 👍🏻
Thank you very much!


4 participants