hackage-server

Support two factor authentication

Open sorki opened this issue 2 years ago • 2 comments

Multi-factor auth (MFA) or two-factor auth (2FA) would be a nice addition to hackage-server, both for its account management page and cabal upload functionality.

There seem to be three related libraries on Hackage:

  • https://hackage.haskell.org/package/OTP
  • https://hackage.haskell.org/package/crypto-totp
  • https://hackage.haskell.org/package/gamgee (no go due to polysemy I guess)

As a minimal implementation, the account management page would allow a user to add a TOTP token via a QR code.

QR code related packages:

  • https://hackage.haskell.org/package/qrcode-core
  • https://hackage.haskell.org/package/qrcode-juicypixels

Suggestions welcome! I'm willing to work on this myself, but would also appreciate co-authors since this requires PRs for both hackage-server and cabal (and possibly for one of the OTP libraries).

sorki, Nov 21 '23 05:11

Other people raised this recently too -- especially in light of PyPI moving to 2FA: https://discuss.python.org/t/announcement-2fa-requirement-for-pypi-2024-01-01/40906

Working towards a 2FA story sounds well worth it and would be a welcome PR.

gbaz, Jan 06 '24 19:01

There is also https://hackage.haskell.org/package/webauthn by yours truly, for Yubikeys and passkeys.

arianvp, Apr 09 '24 12:04