CoreProtect-Lookup-Web-Interface icon indicating copy to clipboard operation
CoreProtect-Lookup-Web-Interface copied to clipboard

Published 20 hours ago verified publisher icon chuushi

2 Factor Authentification

Open ntimo opened this issue 8 years ago • 10 comments

Hi there, I just thought wouldn't it be nice. to have 2 Factor authentication. Maybe you could store the database login data in a mysql database with the users, so you can have multi users with passwords and different login data to log into the web interface and have an option to add 2 Factor authentication too them.

Requests:

  • 2 FA
  • Multiusers
  • Store all Settings in a DB for more scalabilty

Thx Timo

ntimo avatar Jul 31 '16 23:07 ntimo

I can do the Multiuser support, but I don't know about the 2 factor authorization. What'll be the second factor?

Storing all things in a database seems like a cool idea. I'll see what I can come up with. Maybe I can make a server-side plugin and allow people to make a user account through it based on some permission node.

chuushi avatar Aug 01 '16 21:08 chuushi

@SimonOrJ I would use something like Authy for the 2fa. It's easy to integrate and has great (and free) browser and phone apps.

JoeNorth avatar Aug 02 '16 02:08 JoeNorth

@JoeNorth Okay but is authey compatible with the normal 2Fa codes that lets say the google authentificator generates? Because if not it would be useless. Because no one would like to be forced to use this one app for only this one site. When they have all their other 2FA tokens some where else.

ntimo avatar Aug 02 '16 07:08 ntimo

You could maybe use something like this: https://github.com/antonioribeiro/google2fa

ntimo avatar Aug 02 '16 07:08 ntimo

@ntimo Generally you'd use Authy to also manage all your google 2fa tokens by scanning in the QR codes. I'd assume you can also use Authy QR codes in the google auth app.

JoeNorth avatar Aug 03 '16 02:08 JoeNorth

Do you have any news about the Milestone for version 1.0?

ntimo avatar Aug 26 '16 06:08 ntimo

It'll probably take a long time until it gets started or made.

Also, I don't think I can code the 2 factor authentication into the project. It took me long enough to try to research how to make a more secure way to log people in.

All the login code stuff is stored in this file. It would really help if anyone interested can code 2FA into the file.

That aside, I am considering using a database to store player login data so both Minecraft server (with a future CoLWI plugin) and the webserver can have access to them and to make it possible for moderators to create an account through MC.

chuushi avatar Aug 26 '16 16:08 chuushi

There are plenty of PHP libraries out there for 2fa and for user authentication. I'd be more apt to use one of those than to use something rolled on your own simply for security's sake. I'll see if I can't give it a go and get 2fa working.

JoeNorth avatar Aug 26 '16 23:08 JoeNorth

How did it go (if you got it working in a way)?

chuushi avatar Sep 15 '16 22:09 chuushi

2FA is definitely on my to-do list now. I don't think I understood what 2FA meant 4 years ago, lol. Sorry for the troubles back then!

chuushi avatar May 18 '20 07:05 chuushi