Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[POTENTIAL FEATURE] Two-factor authentication (2FA) #732

Closed
amgtm opened this issue Oct 7, 2015 · 7 comments
Closed

[POTENTIAL FEATURE] Two-factor authentication (2FA) #732

amgtm opened this issue Oct 7, 2015 · 7 comments

Comments

@amgtm
Copy link

amgtm commented Oct 7, 2015

Hi, I would like to know how can I implement a Two-factor authentication.

  1. if user is successful logged in then a pin will be generated in mysql and in parallel sent via an api as a SMS
  2. user is redirected to the PIN form. If the submitted pin matches the generated pin then the user will be considered as authenticated and will have access on the site.
    How can I do this, where can I start from?
    Than you!
@panique
Copy link
Owner

panique commented Oct 7, 2015

Hey, but this is a duplicate of ticekt #528, so I think it's okay to close this one.

@panique panique closed this as completed Oct 7, 2015
@jjkirkpatrick
Copy link
Contributor

Hi Amgtm and @panique i personally would not consider this a duplicate of #528 , so im going to reply non the less with a couple of options.

First, i would take a look at https://github.com/sonata-project/GoogleAuthenticator a nice package for working with google authenticator

second i personally would not use SMS and don't have experience using it. what i would do is send the user an email with the code. much like how steam does when accessing your account on a new device.

How to do it? well that's up to you however it should not be too hard.

User login attempt -> partial login until second authentication (e.g pin enter screen) -> code entered -> login if correct

then you need to check the code is still valid, either with time stamps, or what ever you like.

Just make sure the code done not hang around when the user is done. set a new one after logout or after X time has passed.

I hope this helps its not much but i'm at work.

@panique
Copy link
Owner

panique commented Oct 7, 2015

Okay :) re-opened!

@panique panique reopened this Oct 7, 2015
@amgtm
Copy link
Author

amgtm commented Oct 7, 2015

Thank you @panique , I'm glad that this 'feature' presents interest. @oisian it doesn't matter what 'system' is in use. I',m interested how and where to messup with the Auth class 👍 :-)
I , personally will use something like this php -> memcache queue -> adb (android) .
Tested and working properly. So I will stick to the SMS as a second auth.

@jjkirkpatrick
Copy link
Contributor

I would have a Session variable like "isAuthenticated"

Then after all the normal login that's in place by default check

if (isAuthenticated != true){
SendAuthCode();
Redirect::to("CodeInput");
}

and keep doing that untill they have entered it, at which point you can change isAuthenticated to true

@panique panique changed the title [NEW FEATURE] Two-factor authentication [POTENTIAL FEATURE] Two-factor authentication (2FA) Oct 11, 2015
@panique
Copy link
Owner

panique commented Oct 11, 2015

Hey, I'm currently "cleaning" the project a little bit and moving feature-requests like this to an own list inside the readme file (find it under the "future features" point). I hope you are okay with it, as most tickets here are new features and not really bugs or so.

My idea is just to avoid this project from getting oversized by too many features, so I'm closing the ticket, but for sure linking it from the readme in case somebody wants to implement this.

I hope you are all okay with this. :)

@panique panique closed this as completed Oct 11, 2015
@ghost
Copy link

ghost commented Aug 18, 2017

@panique Any thoughts of adding this as a feature could come very handy to this framework.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants