GithubHelp home page GithubHelp logo

userspicetwofactor's Introduction

UserSpice Two Factor Authentication Plugin

This plugin allows you to have Two Factor Authentication signing into UserSpice. The plugin uses hooks added in 5.1.4, so it requires 5.1.4+.

Userspice can be downloaded from their website or on GitHub

Setting Up

  1. Copy the two_factor plugin folder into /usersc/plugins/
  2. Open UserSpice Admin Panel and install/activate plugin.
  3. Configure plugin, enable Two Factor Authentication.
  4. Add Two Factor to necessary accounts

Activation

Once the plugin is enabled, a hook is added to every user's account.php to allow activation of Two Factor Authentication. This will be a button underneath the Edit Account button.

The user will be required to either enter the code given as their key, or scan the QR code to add the code to their app of choice. Then it will be required to use a code from their device to verify it has been added successfully.

Once activated, every login will require a 2FA code from their mobile device.

An administrator can force 2FA on all accounts by configuring the plugin or a specific account by editing the account in UserSpice.

Deactivation

A user can disable Two Factor Authentication by the same way it was enabled. The account.php will have a Disable 2FA button that they can click, then confirm they would like to remove it from their account.

If forced by an administrator the user will be required to setup 2FA again before being able to do anything else.

Questions

Any issues? Feel free to open an issue on Github or make a Pull Request.

Need help? Add me on Discord: BangingHeads#0001.

Any help with UserSpice can be asked in their Discord

userspicetwofactor's People

Contributors

bangingheads avatar

Stargazers

avatar avatar Mike avatar

Watchers

James Cloos avatar avatar

userspicetwofactor's Issues

Secret 2FA key stored in cleartext in database

When generating the QRcode for the Twofactor app the secret key for manually entering is stored in clear text. This means that anyone getting access to the database may add any users with two factor active to their two factor app.

This may in root be a userspice / plugin hook issue, but it still is a weakness

Change Redirect?

Currently, when 2FA has been enabled the user is redirected to: /users/account.php

Can I change this to something like: /dash.php?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.