Prototype: MFA for owners of top 100 downloaded gems (CLI) #9
Overview
Builds on the UI flow in #8.
This prototype covers the stage of encouraging users, and then requiring users, to set up MFA in the CLI.
User in the encouragement state
The regular response is sent back with signin, push/yank gems, and add/remove owners actions along with a message (or warning) to encourage users to set up MFA.
Gem signin
This requires changes to rubygems' gem signin command, as the response from the rubygems.org API when creating an API key is the API key itself. Before creating an API key, a request is sent to api/v1/profile to determine if MFA is enabled on the account, and if not, a message is shown (see Shopify/rubygems#1). This applies to all users and not only the targeted ones. We could display it for targeted users only, however. This would require another field to be added to the profile for user messages or warnings (rubygems.org, rubygems). It might be worth adding this field to communicate information in future initiatives (e.g. gem signing).
Gem push/yank gems, and add/remove owners
A message is appended to the end of the response body of these commands. A warning cannot be prepended, since these commands check the beginning of the response body to determine certain states (e.g. MFA unauthorized). This applies to users that have been targeted via the mfa_required? method (i.e. most downloaded gem owners) on the user.
User in the required state
When a user tries to sign in, push/yank gems, or add/remove owners without MFA enabled, a forbidden response is returned with a message telling the user to set up MFA. This is limited to the accounts targeted by mfa_required?.
Gem signin
The signin could exit early if we use the targeted-user warning approach mentioned under gem signin in the encouragement phase. The warning field would store a list of warnings as well as whether each should cause an early exit (e.g. [{msg:"WARNING...", exit: true}, ...]).
Gem push
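An added example, not code from this PR or from rubygems, that models the two rollout states described above (encouragement appends the nudge to the end of a 200 body; required returns 403) and the proposed warnings field with its exit flag. The User struct, the marker string and the message texts are constructed stand-ins.

```ruby
require "json"

# Constructed stand-in for the rubygems.org user record (example only).
User = Struct.new(:mfa_enabled, :top_100_owner, keyword_init: true) do
  # Mirrors the PR's mfa_required? targeting: owners of the most downloaded gems.
  def mfa_required?
    top_100_owner
  end
end

MFA_NUDGE = "\nWARNING: Please enable multi-factor authentication on your account."
MFA_REQUIRED_MSG = "Multi-factor authentication is required for this account. " \
                   "Please enable it on rubygems.org before retrying."

# Server side: returns [status, body] for a push/yank/owner action.
# mode is :encourage or :require, the two rollout stages in the PR.
def respond(user, ok_body, mode:)
  return [200, ok_body] unless user.mfa_required? && !user.mfa_enabled

  case mode
  when :encourage then [200, ok_body + MFA_NUDGE] # appended, never prepended
  when :require   then [403, MFA_REQUIRED_MSG]
  else raise ArgumentError, "unknown mode #{mode.inspect}"
  end
end

# Client side: existing state checks inspect only the start of the body,
# which is why the nudge must go at the end (constructed marker string).
def mfa_unauthorized?(body)
  body.start_with?("You have enabled multifactor authentication")
end

# Client side: hypothetical `warnings` field on the api/v1/profile response.
# Returns [messages_to_print, exit_early?].
def process_warnings(profile_json)
  warnings = JSON.parse(profile_json).fetch("warnings", [])
  [warnings.map { |w| w["msg"] }, warnings.any? { |w| w["exit"] == true }]
end

if __FILE__ == $PROGRAM_NAME
  owner = User.new(mfa_enabled: false, top_100_owner: true)
  puts respond(owner, "Successfully registered gem: foo (1.0.0)", mode: :encourage).inspect
  puts respond(owner, "Successfully registered gem: foo (1.0.0)", mode: :require).inspect
end
```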