Two Factor Authentication #285

ricknjacky · 2021-08-24T08:59:53Z

llaske · 2021-10-03T20:38:58Z

I can't see the new Enable 2FA button on the user profile.
Is there something special to configure?

ricknjacky · 2021-10-03T20:53:59Z

Right, the settings is in the profile view (the one we access from top right corner menu) I rechecked, with this branch's file changes, It works.

^^Do test this at your end too and let me know if any issues occur here.

This is because the view is edit view and unlike password, we are restricting access to making changes to 2FA's state and enable/disable to the user only (account holder). This is the same logic in SSP-SERVER too.

llaske · 2021-10-30T09:23:02Z

Nice @ricknjacky. It works now.

Few remarks:

Buttons alignment is not good. I think it should be margin-top: -63px for Enable button and margin-top: -68px for Disable button.
Put 2FA tutorial popup before the created time popup. Popup should appear in the field order.
Remove commented code here.
Add a white space between Sugarizer and Server on the default service name here.

api/controller/users.js

api/controller/auth.js

api/controller/utils/qrCodeUtil.js

api/controller/auth.js

package.json

llaske · 2021-11-11T08:52:25Z

Thanks @ricknjacky for fixing PR feedback.

Two things left to do :

Add a warning message when a teacher enable 2FA
Update unit tests due to 2FA changes

ricknjacky · 2021-11-11T09:08:53Z

Thanks @ricknjacky for fixing PR feedback.

Two things left to do :

Add a warning message when a teacher enable 2FA

Update unit tests due to 2FA changes

Thank-you for the update!
Adding warning message asap.
As discussed, once this PR is merged into dev, I'll rebase and send in a new PR for tests.

llaske · 2021-11-11T10:53:06Z

Regarding unit test if it's not too complex it will be better to report your changes here so everything will be at the same place

2Factor Authentication Tests

ricknjacky · 2021-11-13T01:53:59Z

@llaske

Have added all the relevant test cases and they all pass successfully. Kindly review, Thanks.

llaske · 2021-11-13T21:53:02Z

Nice @ricknjacky.
Could you also update the Server Settings in README file to explain new parameters meaning in .INI file?

ricknjacky · 2021-11-13T22:50:27Z

@llaske done. Added relevant comments and information via comments too.

llaske · 2021-11-17T20:51:09Z

Good job @ricknjacky . Thanks for this contribution.

ricknjacky added 20 commits August 24, 2021 14:27

initialise enable/disable frontend on profile view

f9650af

totp utility functions and settings

cafadce

enable2FA utility

ab9e7a0

updateTOTP state value utility

ae1c545

disable2FA utility

fa38da7

QRCode utility

0611fc8

add api routes for enable and disable

e297368

add enable, disable and updatesecret controllers

e5ee477

token regex validation

1c8ae02

enable, disable dashboard controllers

a2cb709

added dashboard controller routes

83d942d

add twoFactor view and update profile view

7f9931b

update ServiceName,maxagetfa and minimumtokensize

ef9b593

add localised message strings

d79625d

update package and add otplib and qrcode

ed927d5

update UI and localise 2FA page

04edbd1

update UI and fix locale

f20ee9f

add padding--fix view

b7a465b

update Localisation remove po changes

9b3b88b

remove unnecessary console logs

c7c02ec

ricknjacky changed the title ~~Two Factor Authentication - Enable/Disable~~ Two Factor Authentication Oct 3, 2021

ricknjacky added 7 commits October 4, 2021 03:37

add api and dashboard routes

5d78cf0

verify2FA view and controller logic

d97cc0d

Update api auth controller route

df74df5

Update api users controller route

f6fa52a

Update middleware

552ba55

add fullauth logic in post login

4adea0a

update validateSession logic

1933988

ricknjacky added 4 commits October 30, 2021 20:51

integrate PR review feedback

3748746

add secret to ini file

9b89ac3

delete secret file and update main.js

0407b6e

update api controller and middleware

f1b5a5a