Skip to content

Two Factor Authentication#80

Merged
itinerare merged 21 commits into
lk-arpg:developfrom
itinerare:feature/two-factor-auth
Dec 11, 2023
Merged

Two Factor Authentication#80
itinerare merged 21 commits into
lk-arpg:developfrom
itinerare:feature/two-factor-auth

Conversation

@itinerare
Copy link
Copy Markdown
Member

@itinerare itinerare commented Feb 28, 2021
edited
Loading

  • Switch from laravel/ui to laravel/fortify for authentication
  • Implement optional two-factor authentication
  • Make recaptcha toggleable via config
    • Set up honeypot on login/registration as a built-in fallback

Tested locally, though I would definitely appreciate more testing, especially around the reimplementation of password reset, email verification etc. alias registration/login. Requires composer update, migrate

@itinerare itinerare added the needs review Pull requests that are pending community review label Feb 28, 2021
@itinerare itinerare requested a review from corowne February 28, 2021 19:35
@itinerare itinerare added the enhancement New feature or request label Apr 24, 2021
@itinerare itinerare marked this pull request as draft May 3, 2021 19:43
@itinerare
Copy link
Copy Markdown
Member Author

itinerare commented Aug 7, 2021

After some more testing elsewhere email appears to work alright; as a result I think updating (for birthday entry in particular) is the only significant issue for this

@itinerare itinerare added this to the v2.1.0 milestone Nov 8, 2021
itinerare and others added 6 commits January 17, 2022 10:47
@itinerare
Merge branch 'develop'
5a91bdf 
Conflicts:
	app/Http/Controllers/Auth/RegisterController.php
	app/Http/Controllers/Users/AccountController.php
	app/Models/User/User.php
	app/Services/UserService.php
	composer.json
@itinerare
Merge branch 'develop'
a9f493d 
Conflicts:
	app/Http/Controllers/Auth/LoginController.php
	app/Http/Controllers/Auth/RegisterController.php
	app/Http/Controllers/Users/AccountController.php
	app/Models/User/User.php
	app/Services/UserService.php
	composer.json
	resources/views/account/settings.blade.php
	resources/views/auth/passwords/reset.blade.php
	resources/views/auth/verify.blade.php
	routes/lorekeeper/members.php
	routes/web.php
@itinerare
fix: remove laravel/ui routes
d451271
@itinerare
refactor: fix PHP styling
e480c78
@itinerare
feat(users): update fortify implementation
bdcb441 
- make recaptcha toggleable in config
- implement laravel honeypot on fortify routes
- fix resend verification email route
@itinerare @github-actions
refactor: fix blade formatting
14dbeec
@itinerare
Copy link
Copy Markdown
Member Author

itinerare commented Dec 6, 2023

Updated this for birthday, etc. checking; I endeavored to not break alias registrations/login but would like more checking around that.
That said, I did squash some bugs around the standard registration flow while I was at it, as well as making recaptcha a toggleable extension (via config)... this does double-duty of making sure folk know that information needs to be set in the .env as well as making it not a hurdle in a dev environment. Since that does otherwise leave the registration and login forms vulnerable, I did at least set up the existing honeypot package for them as a fallback. That said, for some sites it may work fine to keep things under control and is a privacy-conscious option besides.

@itinerare itinerare marked this pull request as ready for review December 6, 2023 20:31
@itinerare itinerare removed the request for review from corowne December 6, 2023 20:32
ScuffedNewt
ScuffedNewt reviewed Dec 11, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@ScuffedNewt ScuffedNewt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some notes / general clarification, nothing crazy
forgot mostly what I asked since I couldn't finalise review

Comment thread app/Http/Controllers/Auth/RegisterController.php Outdated
Comment thread app/Providers/FortifyServiceProvider.php
Comment thread resources/views/auth/login.blade.php
Comment thread resources/views/auth/two-factor-challenge.blade.php
@itinerare itinerare added reviewed Pull requests that have received community review and are pending merge and removed needs review Pull requests that are pending community review labels Dec 11, 2023
@itinerare itinerare merged commit 4e07b2e into lk-arpg:develop Dec 11, 2023
@itinerare itinerare deleted the feature/two-factor-auth branch December 11, 2023 18:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@ScuffedNewt ScuffedNewt ScuffedNewt approved these changes

@AW0005 AW0005 AW0005 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement New feature or request reviewed Pull requests that have received community review and are pending merge

Projects

None yet

Milestone

v3.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@itinerare @ScuffedNewt @AW0005