Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Second Factor Authentication to Moqui #484

Closed
wants to merge 138 commits into from
Closed

Add Second Factor Authentication to Moqui #484

wants to merge 138 commits into from

Conversation

acetousk
Copy link
Member

The pull request makes changes to moqui-framework, moqui-runtime, and SimpleScreens.

The biggest things to check are:

  • In my development environment, I was occasionally getting 28 second loading screens when calling services in UserServices.xml to create a UserAuthcFactor. Make sure that in other environments this doesn't happen.
  • Ensure that the forms don't allow the user to specify their userId so that permissions for users are enforced.

In moqui-framework:

  • a dependency is added to a build.gradle file: dev.samstevens.totp:totp:1.7.1
  • Email templates, configuration, and files are added for:
    • Sending single use codes
    • Adding the email authc type
    • Notifying the main email address about a new email authc type
  • The UserAuthcFactor entity in UserServices.xml
  • A minor change to UserGroup entity where the UserGroup can require the users to have a UserAuthcFactor
  • Changes to the login process required for having a secondary authentication
  • Other necessary minor misc changes to the code

diviun and others added 30 commits February 8, 2021 23:37
@diviun
changed moqui-runtime to come from github.com/acetousk rather than moqui
af053d5
@diviun
test
ee81ea8
@diviun
test2
06e4a03
@diviun
test3
d1c46dc 
Signed-off-by: acetousk <diviunooda@gmail.com>
@acetousk
test4
23aa645 
Signed-off-by: acetousk <acetousk@gmail.com>
@acetousk
test5
3691092
@acetousk
test test
1e882ee
@acetousk
wtf
639ca14
@acetousk
getting the UserAccountDetail transitions and services working about …
2c1564c 
…to get started with the totp service
@acetousk
just about finished UserAccoutDetail
5d3359f
@acetousk
putting the services in UserServices.xml
e30ebc0
@acetousk
finished UserAccountDetail.xml starting UserQrFactorAuthc.xml to disp…
faf4cb0 
…lay the qr code or something
@acetousk
had qr code working, but then lost it because of some weird bug
8b4e72c
@acetousk
figured out dynamic dialogs
2fe6b10
@acetousk
refactored add authenticator app and single use codes
a06e058
@acetousk
refactored add email factor!
d5ea2b9
@acetousk
made it so that the user can customize their authc factors && also ma…
b8b821a 
…de it impossible to login
@acetousk
made SimpleScreens's origin from acetousk
4eed25e
@acetousk
changed server rendered root d# to d to allow google analytics to fun…
e2d4cb2 
…ction for server rendered screens
@acetousk
still can't log in, but getting the /Authentication screen working
505e12e
@acetousk
Merge branch 'moqui:master' into master
7f86d2b
@acetousk
added SecondFactor screen, changed some login logic
00ea6b1
@acetousk
bad but committing
2fa3765
@acetousk
logging in works
1c88fe6
@acetousk
cleaned up all the services, got authentication working, and fixed th…
790a436 
…e UserAccountDetail.xml and Account.xml screens and subscreens
@acetousk
add UserGroup.requireAuthcFactor field; support in SecondFactor.html.…
edf468f 
…ftl; finished first working pass of UserGroups requiring authc factor; change single use codes to 6 or 8 digits
@acetousk
delete comments and unnecessary TODOs
3d46223
@acetousk
Merge branch 'moqui:master' into master
aff55b1
@acetousk
last pass of cleaning code before pr
a89e710
@acetousk
Merge remote-tracking branch 'origin/master'
a4f2dfe
jonesde and others added 28 commits June 30, 2021 23:12
@jonesde @acetousk
In UserFacadeImpl.UserInfo.setInfo() don't use cache for UserAccount …
a65c4e5 
…lookup, can be an issue if a UserAccount is created and logged in with Shiro saving in session, but then the transaction rolls back and there is another attempt with the same username
@acetousk
28 second loading screens UserAccountDetail.xml and Account.xml with …
0b39826 
…the buttons "Add Single Use Code" and "Add Email Factor"
@pythys @acetousk
add gradle task to enable setting up intellij XML catalog
cd34d46
@pythys @acetousk
sign copyright sections
dfa0185
@acetousk
Clean up project for pull request; add comments to clarify services
9e18897
@jonesde @acetousk
In UserFacadeImpl fix NPE in framework tests and other contexts where…
87a3d42 
… there is no WebFacade
@jonesde @acetousk
In UserService for authc factors use new SecureRandom instance each t…
513547d 
…ime to avoid very slow random number generate, don't send code automatically when creating an email authc factor, use button in UI to trigger explicitly for less surprise; some small formatting changes
@jonesde @acetousk
Add license comment for new samstevens.totp library
d479bb6
@jonesde @acetousk
Move logic from get#UserNeedAuthcFactor service to inline in MoquiShi…
f6b7d36 
…roRealm.getAuthenticationInfo() and remove the service
@diviun @acetousk
temporarily changed moqui-runtime to come from github.com/acetousk ra…
29a88ad 
…ther than moqui
@acetousk
get the UserAccountDetail transitions and services working; start wit…
14dff19 
…h the totp service
@acetousk
temporily made SimpleScreens's origin from acetousk
5250ee3
@acetousk
Merge remote-tracking branch 'origin/master'
3135c97
@acetousk
Update AUTHORS file
36b5ed9
@acetousk
refactored add authenticator app and single use codes
d5e9fad
@acetousk
refactored add email factor!
fd70e62
@acetousk
made it so that the user can customize their authc factors && also ma…
8ee5c49 
…de it impossible to login
@acetousk
added SecondFactor screen, changed some login logic
94cfb70
@acetousk
bad but committing
a0a80bb
@acetousk
cleaned up all the services, got authentication working, and fixed th…
ae1be5a 
…e UserAccountDetail.xml and Account.xml screens and subscreens
@acetousk
add UserGroup.requireAuthcFactor field; support in SecondFactor.html.…
45d82b5 
…ftl; finished first working pass of UserGroups requiring authc factor; change single use codes to 6 or 8 digits
@acetousk
delete comments and unnecessary TODOs
bde4e10
@acetousk
last pass of cleaning code before pr
6740662
@acetousk
Clean up project for pull request; add comments to clarify services
ccd6c2f
@diviun @acetousk
temporarily changed moqui-runtime to come from github.com/acetousk ra…
8514875 
…ther than moqui
@acetousk
get the UserAccountDetail transitions and services working; start wit…
ec99254 
…h the totp service
@acetousk
temporily made SimpleScreens's origin from acetousk
154d6cf
@acetousk
Update AUTHORS file
fd8358e
@acetousk
Copy link
Member Author

acetousk commented Jul 2, 2021

Because of a lack of planning on my part with git commits on several occasions, I have created a separate, identical pull request: #485.

Closing this PR due to redundant code changes.

@acetousk acetousk closed this Jul 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@acetousk @diviun @jonesde @chunlinyao @dixitdeepak @jenshp @aabiabdallah @pythys