2FA Two Authentication Factor #164 #724
djaiss merged 32 commits into monicahq:master from asbiin:164-2FA-two-factor-auth
Signed-off-by: Alexis Saettler <alexis@saettler.org>
djaiss left a comment
Excellent work, it works on my machine so far. I've added a few comments.
Also, don't forget the localization as well!
Finally, what do you think of moving both 2FA and password change to a new Security tab under Settings?
| {{ csrf_field() }} | ||
|
|
||
| @if ($errors->has('totp')) | ||
| <span class="help-block"> |
| @endif | ||
| <div class="form-group"> | ||
| <label for="one_time_password">Enter code</label> | ||
| <input type="number" class="form-control" id="one_time_password" name="one_time_password" /> |
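Review bot: the one_time_password field is declared as type="number", which the HTML specification reserves for true numeric values rather than strings of digits. Browsers attach spinner and scroll-wheel increment behaviour to it and may normalise what the user typed, which is a risk for one-time codes that begin with a zero. Consider type="text" with inputmode="numeric", pattern="[0-9]*" and autocomplete="one-time-code", and treat the submitted value as a string on the server.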
You could put required here, to enable browser validation of the field.
| </div> | ||
|
|
||
| <div class="form-group actions"> | ||
| <button type="submit" class="btn btn-primary">Validate</button> |
Would be nice to provide a Cancel button here to let users go back to the Login screen.
| {{-- code --}} | ||
| <div class="form-group"> | ||
| <label for="one_time_password">Enter code</label> | ||
| <input type="number" class="form-control" id="one_time_password" name="one_time_password" /> |
You can add required parameter here as well.
| AWS_BUCKET= | ||
| AWS_SERVER= | ||
|
|
||
| 2FA_ENABLED=false |
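Review bot: the new key 2FA_ENABLED starts with a digit, which is not a valid variable name in POSIX shells, so it cannot be set with a plain assignment or export when the application is configured through the process environment instead of the .env file. A name that starts with a letter, for example APP_2FA_ENABLED, avoids that.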
Can you add a comment here on what 2FA is and does?
…, indentation, etc) Signed-off-by: Alexis Saettler <alexis@saettler.org>
…to 164-2FA-two-factor-auth
| public function up() | ||
| { | ||
| Schema::table('users', function ($table) { | ||
| $table->string('google2fa_secret')->nullable(); |
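Review bot: google2fa_secret is added as a plain nullable string column, and nothing in this hunk shows the value being encrypted before it is stored. The TOTP secret is a long-lived shared key, so anyone who can read the users table can generate valid codes for every enrolled account. Consider encrypting it at the application layer before saving, and check that the default string length still fits the encrypted value.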
Could you put $table->string('google2fa_secret')->after('remember_token')->nullable(); instead?
That way, the new field won't be at the latest position in the table.
| $user = $request->user(); | ||
|
|
||
| //generate image for QR barcode | ||
| $imageDataUri = Google2FA::getQRCodeInline( |
Not sure if it's an issue, but static analysis says that this is an instance method, called statically
You're right, we should use app('pragmarx.google2fa')->getQRCodeInline instead.
Thanks!
Do you want to open an issue?


This will close #164
Based on my fork of pragmarx/google2fa-laravel, see https://github.com/asbiin/google2fa-laravel
Be careful to update the time of the machine/VM to make it work:
Option is not activated by default, update your .env to add
2FA_ENABLED=true
This is a 1st release, which can:
Still need to do: