-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: TOTP dynamic secret provider #2742
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only one minor comment on the current code but a couple of thoughts:
-
as a user, if I leased a TOTP dynamic secret I would expect the code to be valid for the duration of the lease; I think it's confusing I can have a valid lease but invalid code - maybe we could disable max/default TTL for TOTP and disable renew/revoke, and configure based of the providers delta and use the
authenticator.timeRemaining
to display expiry? -
I had to use a QR code scanner to get the URL - I'm not sure the requested use case for this feature but I think most users would expect to be able to enter the key displayed on 2fa setup pages such as bitbucket or google as an alternative?
frontend/src/views/SecretMainPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- I think we should either hide or disable these buttons with a tooltip for TOTP and also probably not showing the expiry since it's provider determined - I know it's a small window but we know this value is incorrect so I think it would be better not to display it?
- I think we should have helper text on the create/update form for TOTP explaining that these default values should work with most providers and should only be configured if the provider explicitly provides different values
- Prereq should include option for key in addition to url
...tend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/TotpInputForm.tsx
Outdated
Show resolved
Hide resolved
...ainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretTotpForm.tsx
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Great work Sheen!
Description 📣
This adds support for new dynamic secret provider - TOTP + documentation
Tested with Bitbucket and our very own TOTP
Type ✨
Tests 🛠️
# Here's some code block to paste some code snippets