Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use 2FA when resetting a forgotten password if found/setup. #3

Open
CaMer0n opened this issue Jan 26, 2021 · 5 comments
Open

Use 2FA when resetting a forgotten password if found/setup. #3

CaMer0n opened this issue Jan 26, 2021 · 5 comments
Labels
status: planned This issue is planned to be resolved in a future release type: enhancement New feature or request
Projects
Roadmap

Comments

@CaMer0n
Copy link
Member

CaMer0n commented Jan 26, 2021

As it says. :-)
@CaMer0n CaMer0n added the type: enhancement New feature or request label Jan 26, 2021
@Moc Moc added the status: planned This issue is planned to be resolved in a future release label Jan 26, 2021
@Moc Moc added this to To do in Roadmap via automation Jan 26, 2021
@Moc
Copy link
Member

Moc commented Jan 27, 2021
edited
Loading

@CaMer0n I think we'd need a new event trigger for this in core (/fpw.php). Something like this;

if($invalid = e107::getEvent()->trigger("user_fpw_request", $row))
{
	fpw_error($invalid);
	exit;
}

Not sure where specifically though, maybe line 253?

What do you think?

@Moc Moc moved this from To do to In progress in Roadmap Jan 27, 2021
@Moc
Copy link
Member

Moc commented Jan 27, 2021
edited
Loading

@CaMer0n Hmm, actually. I need something more I think. With 'login' I can use validLogin(). For FPW, I also need some way to 'hook' back into the process after validating the 2FA code.

See my latest commit: c3e8058
(line 213 of twofactorauth_class.php specifically: c3e8058#diff-7f881b6df975039216189630e140cc7c603a29049cf5d75f3150d441d1be97cfR213)

Moc added a commit that referenced this issue Jan 27, 2021
@Moc
#3 - Check for 2FA upon "Forgotten Password" request
c3e8058 
Not functional yet!
@CaMer0n
Copy link
Member Author

CaMer0n commented Jan 27, 2021

@Moc I would use override. That's how we did it for visualcaptcha.

@Moc
Copy link
Member

Moc commented Jan 28, 2021

@CaMer0n but then it would not be possible to use both captcha and 2FA on Forgotten Password.

@Moc Moc moved this from In progress to On hold in Roadmap Jan 31, 2021
@CaMer0n
Copy link
Member Author

CaMer0n commented Feb 1, 2021

Good point. Will look at what events can be added.

@Moc Moc changed the title Use 2FA to reset a forgotten password if found/setup. Use 2FA when resetting a forgotten password if found/setup. Aug 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: planned This issue is planned to be resolved in a future release type: enhancement New feature or request
Projects
2FA Roadmap
Status: On hold
Roadmap
On hold
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Moc @CaMer0n