Remaining TODO items for enabling two-factor authentication #9521
Comments
|
Hello @zulip/server-authentication members, this issue was labeled with the "area: authentication" label, so you may want to check it out! |
|
Hello @mateuszmandera, you have been unassigned from this issue because you have not updated this issue or any referenced pull requests for over 14 days. You can reclaim this issue or claim any other issue by commenting Thanks for your contributions, and hope to see you again soon! |
|
I'll start work on this from tomorrow. |
|
Hello @umairwaheed, you have been unassigned from this issue because you have not updated this issue or any referenced pull requests for over 14 days. You can reclaim this issue or claim any other issue by commenting Thanks for your contributions, and hope to see you again soon! |
|
This is Priority High, but it hasn't had any activity for over a year? |
|
@khionu that's correct. We use "priority: high" to keep track of things that are important and we'd like to have someone work on soon. There are hundreds of issues in that category, and not all of them actually get resources. 2FA has been of less interest than one might expect because many organizations use SSO with a third-party tool that provides 2FA, but I'd still very much like to see it happen soon. I'm guessing @mateuszmandera will end up finishing the implementation in the next month or so, since he just finished fixing most of our other high priority authentication issues. |
|
+1 any more recent updates on this? I think if you disable user/pass and rely on SSO 2FA that can give you some relief for now but i would be ideal for zulip native 2FA |
|
@stanzheng It's on my TODO list with a bunch of other authentication-related things, but there's several urgent things first. Should get to this soon-ish hopefully though! |
|
An upstream PR has been merged that allows overriding the redirect URL, so the monkey-patch in TwoFactorLoginView can be implemented properly. |
|
Nice, that will simplify things significantly. @mateuszmandera for this project, I think if we can get this into a somewhat cleaner state, it'd be nice to hand off the visual work make this in line with our design standards to @majordwarf or @SiddharthVarshney while you work on the logic. |
Gittenburg
added
new feature
|
Hello @mateuszmandera, you have been unassigned from this issue because you have not updated this issue or any referenced pull requests for over 14 days. You can reclaim this issue or claim any other issue by commenting Thanks for your contributions, and hope to see you again soon! |
|
Working on it |
|
Are there any plans to support Webauthn/FIDO2 security keys where a browser is available? |
That would be a separate issue |
|
|
The current 2FA plans involve using https://github.com/Bouke/django-two-factor-auth, which probably determines what protocols we'll support at least at first. |
|
😩 That doesn't support FIDO. jazzband/django-two-factor-auth#437 |
|
FIDO support was just merged into django-two-factor-auth! |
Now that we've merged #5753, Zulip has all the infrastructure for 2-factor authentication, but there's more work we need to do before we can turn the feature on in production.
Here's the outstanding TODO list for 2FA in Zulip:
TwoFactorLoginViewTwoFactorLoginViewthat makes it possible to pass this parameter in or similar.start_two_factor_auth.@otp_requiredin our API decorators for JSON routes (probably answer is "yes").The text was updated successfully, but these errors were encountered: