d8-contrib-modules / tfa
This project forked from cashwilliams/tfa
DEPRECATED - D8 TFA port now on drupal.org
Home Page: https://www.drupal.org/project/tfa
Currently a user must log in as an admin, attempt to turn off 2fa for a user, get prompted for a password and then enter the password.
It's impossible to do this for an admin that relies on drush uli to turn off 2fa. You get prompted for a password you don't know! Administrators should be able to disable 2fa without being prompted for a password.
Motivation
Currently there is no way to define fallbacks for validation methods.
Resolution
Add fallback to validation annotations
Add option to check which roles should have tfa setup.
TFA should only be required by these roles.
Summary
As of 8.1 composer manager stands deprecated and is not the recommended workflow for pulling in dependencies of a module.
The recommended method is using composer
composer require drupal/<modulename>
But here it states that drupal.org's repositories are still in alpha and it is not advised to use this approach or am I understanding this wrong?
This module depends on an external OTP library and having a simple installation approach is crucial for user experience.
Resolution
TBD
Most of the flood control code for TFA is commented out at the moment.
The current plan is to extend the Encrypt module to allow multiple Encryption configurations (config entities). Once this is done, we should be able to assign an encryption entity to each TfaPlugin type if desired.
We will need to wait and see how the Encrypt implementation pans out before finalizing this ticket.
Issues:
Any more views are welcome!
I was just looking at some code in the tfa.module file and I think it is better to replace "hook_user_login" with "changing route from Old UserLoginForm to NewUserLogin by registering an event subscriber service". We should try to use Symfony's rich, object-oriented programming (.class) rather than procedural PHP code (.module).
I'm not familiar with all the new things in 8, but I was wondering if we should use an event dispatcher in submitForm instead of calling plugin methods.
Could this be used in a way in building or validating form? (I guess not)
Right now there are a few plugin specific parts in the admin configuration form which are hardcoded.
Since the aim is to make this as generic as possible, making the admin configuration alterable is a must.
The user should be allowed to disable TFA only when he has this permission.
The user should be allowed to log in 2-3 times without validation if he/she has not set up the required validation yet.
When using the parent::build() function to get the non-form related code from the core UserLoginBlock the submit handler seems to call the UserLoginForm submit handler even after the $build['user_login_form'] is replaced with the TfaLoginForm and returned from the build function.
Figuring out why this happens and resolving the issue (if possible) would allow us to simplify the build() logic and not duplicate what we can use from the UserLoginForm.
Currently, the only plugin types that get loaded properly are TfaValidation and TfaSetup plugins. In the __construct method in the Tfa.php class, use the method that the validation plugin loading uses to load other plugin types.
Note: Will likely need to make updates to tfa_basic to have an example to work with in order to get this working.
After you set up TFA, if you wish to disable it, the form asks for the user password.
After getting the user password, should we try to validate it more by going through whatever validation methods the user has set up?
Motivation
Resolution
Motivation
We are shifting validation libraries from tfa basic to tfa.
The plugin definition will be updated and hence if someone updates the plugin he will face fatal errors as the plugin definitions are still the outdated cached ones.
Resolution
TBD
Helper metadata like links for authentication apps as used in TOTPSetup should be moved to an annotation.
The schema for the tfa module is not correct.
For now I have hard-coded some values but this needs to be improved in the future to make this more flexible so that other plugins can define the schema for any further implementations.
We encrypt the user secret using the encrypt method which utilizes the mcrypt extension.