Adds TOTP MFA for admins. #12363
Adds TOTP MFA for admins. #12363
Conversation
github-actions
bot
added
Admin
|
WHY SQL WHY |
|
From Ash:
|
Then it becomes a pain when someone inevitably loses their 2FA device
Session is based on id + cid combo, if you have logged on before from the same computer/ip then you don't have to do 2fa |
|
Other servers have done this already, but you would end up resetting a lot of people's 2FA when they lose their device. This is already decently portable as well, as it passes the MFA off with a webhook, and receives confirmation the same way, so another server wanting a different backend could still use the code, with a different backend. |
|
This is NOT mfa. MFA is as the name implies multi factor. This means you need atleast 2 of the following: This meets the something you know twice but fails to enforce any other factor in a mandatory fashion (discord supports something you have in the form of their own 2fa but an admin could have it off) |
|
While yes, technically the discord is something you know instead of something you have, so is email, and depending on the feature of your phone, sms which are popular 2nd factors. I could implement something like TOTP, to get a better second, however that puts the burden of resets onto us, and requires us to either develop a robust backup system, or manually reset, requiring staff time and effort every time some forgets to transfer their codes. |
|
So admins can't come on anymore if yogbot is down? |
Pretty sure admins wouldn't be able to connect for the first time on a new device. |
|
I'll swap this over to TOTP at some point, bit busy with school ATM |
… added reset to the permissions panel. Locked the permissions panel behind 2FA.
|
Might be good now |
There was a problem hiding this comment.
- Give a way to clear all your sessions
- Make sessions expire after let's say 30 days
- Give a way to login without creating a session
- Add a bloody index to the table, a ckey, ip, cid index would do nicely
- (Maybe?) Refactor your code in a way that doesnt rely on /datum/admin for a general availability of the feature, doesnt have to be enabled for everyone but would be nice to have this be an option
Ideally we'd want to use a means of verifying the session by a means other than cid/ip but shrug
Hmm, interesting suggestion of index, would something like this work: Yogstation/SQL/database_changelog.txt Line 24 in 5ef221b |
adamsong
added
the
Awaiting - Vote - Council
|
Why is this even up for debate |
|
Enforcing 2FA for forums admins was a council vote (two actually), so I'm just keeping up with the tradition. |
adamsong
added
Approved Council Vote
|
Database updated |
Document the changes in your pull request
This prevents a client from associating with their admin datum until they authenticate with 2FA. The user must provide a one time password from an app like Google Authenticator (Other apps will work, this is just a popular one), at which point they will be authenticated and readminned. The server will save a successful CID/IP pair for up to 30 days if the user so desires, so they don't have to re-enter the 2FA login every round.
In the event of a database failure, the last successful connection will be used.
If a user is not enrolled in 2FA when they try to readmin, they will be presented with a QR code, the raw TOTP seed, and a backup code. Most apps will be able to scan the QR code to get all the necessary information to generate 2FA codes, and the backup can be used in the event the 2FA device is lost. The server will ask for a code before saving these, to verify that the user has setup 2FA properly.
The permissions panel now requires a 2FA code to access, and can reset 2FA logins for any admin.
Images
Setup window
Google Authenticator after scanning the code
Entering the code
Save confirmation
Requires rust_g update with the hash feature enabled.