Two-Factor Authentication for SMF using TOTP protocol #2547

Merged
merged 27 commits into from Dec 3, 2014

Commits on Dec 2, 2014

  1. Add \TOTP\Auth class

    Class taken from github.com/enygma/gauth, renamed to \TOTP\Auth since it's a pretty generic TOTP class. Will be used for implementing TFA in SMF
    
    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    6704325
  2. Add tfa_secret and tfa_backup columns to the member table

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    9113e81
  3. Add Two-Factor Authentication profile area

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    1b2a004
  4. Label not lable

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    b83ab3c
  5. Properly validate TFA members

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    7325be1
  6. Add form for logging TFA members in

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    ab18731
  7. Use tfa_backup instead of tfa_secret for cookie

    Don't expose tfa_secret in any form to the client side, tfa_backup is bcrypt encrypted and much harder to crack as compared to the plain text tfa_secret
    
    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    6885c37
  8. Fix login popups

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    0424a55
  9. Empty the 2FA cookie on logout as well

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    37bb694
  10. Wipe user's 2FA preferences when using a backup code

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    4fda9c4
  11. Don't load additional layers when sending an AJAX request to login2

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    433b792
  12. Add 2FA mode settings to Cookie and Session settings page

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    efd76bf
  13. Implement 2FA settings

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    f1bd1e3
  14. Fix disabling of 2FA

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    bdc1a74
  15. Some 2FA setup template improvements

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    455acc8
  16. Add enygma/gauth to contributers.txt

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    3850892
  17. Add missing external credits to the credits page

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    e9d346e
  18. Account for user in 2FA profile area

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    3d88a15
  19. Enable 2FA by default

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    c1db532
  20. Don't reset $_COOKIE[$cookiename] during TFA authentication

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    9f5b7ff
  21. Update cookie validation regex with increased length of SHA512

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    00f2864
  22. $user_settings['member_name'] instead of username

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    ff2854b
  23. Fix undefined index tfa_error

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    9c3534f
  24. Don't have space in QR code identifier

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    e05cec3
  25. Fix disable link

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    6343075
  26. Ask for password when enabling 2FA

    Additional security
    
    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    7c8862c
  27. Increase max height of overlay boxes to 30em

    Signed-off-by: Shitiz Garg <mail@dragooon.net>
    Dragooon committed Dec 2, 2014
    71c148e