Allow users to choose one method instead of all when 2FA is enforced #31

Closed
nussjustin-hmmh opened this issue Sep 11, 2019 · 4 comments
Labels
Component: 2FA Issues and Pull Requests related to Two Factor Authentication should be marked with this label

@nussjustin-hmmh

Preconditions

  1. Magento Version 2.3.2
  2. Module Version 3.0.0

Steps to reproduce

  1. Activate two 2FA methods
  2. Set both methods as forced

Expected result

  1. A user can choose which method he wants to use for authenticating

Actual result

  1. Both methods must be configured

For a customer we want to enforce usage of 2FA but let the users decide which method to use (in our case either Google or U2F Key). Since the module does not currently support this scenario, we must manually make sure that each user has at least one 2FA method configured.

@sdzhepa sdzhepa transferred this issue from another repository Jan 27, 2020
@sdzhepa sdzhepa added the Component: 2FA Issues and Pull Requests related to Two Factor Authentication should be marked with this label label Jan 27, 2020
@okorshenko okorshenko added this to Ready for Grooming in Backlog Jan 28, 2020
@nathanjosiah
Contributor

Thank you for opening this issue! I am closing this along with others due to 2FA currently undergoing a very large internal rewrite/refactor; this change will not be needed in the new version.

@m2-community-project m2-community-project bot moved this from Ready for Grooming to Done in Backlog Mar 20, 2020
@fredden
Member

fredden commented Feb 26, 2021

@nathanjosiah Please can you provide a link to the work that you've suggested was underway last year? We have exactly the problem described in this issue. What's the timeline for the work you've mentioned? Would you be willing to accept a pull request that solves this problem in the meantime?

@nathanjosiah
Contributor

Hello @fredden, the work can be seen in #230. The security package 1.0.0 version that was released alongside Magento 2.4.0 came with a huge refactor/rewrite of 2FA. The merchant is able to configure which 2FA methods are enabled, and the admins have to configure each of them. However, once they are configured, the user may choose which one they want to use. We do allow the user to bypass configuration of methods as long as there is at least one method configured. But this is mainly to support workflows where a merchant may require multiple methods but the user is temporarily only able to configure one of them (for example, if they do not yet have the company-issued U2F physical key).

@fredden
Member

fredden commented Mar 1, 2021

Thanks for the update / context. We're having the described problem / behaviour with a merchant on Magento v2.3.6-p1. I'll let them know that the experience is different with v2.4.0+. We're likely to need something in the short term while the 2.4 upgrade is in progress; I'll have a look at the linked pull request for inspiration on what can/shouldn't be changed locally.

magento-cicd2 pushed a commit that referenced this issue May 27, 2021
MC-32830: Do not store admin and customer tokens in DB