Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use 2FA when resetting a forgotten password if found/setup. #3

Open
CaMer0n opened this issue Jan 26, 2021 · 6 comments
Open

Use 2FA when resetting a forgotten password if found/setup. #3

CaMer0n opened this issue Jan 26, 2021 · 6 comments
Labels
help wanted Extra attention is needed status: planned This issue is planned to be resolved in a future release type: enhancement New feature or request

Comments

@CaMer0n
Copy link
Member

CaMer0n commented Jan 26, 2021

As it says. :-)
@CaMer0n CaMer0n added the type: enhancement New feature or request label Jan 26, 2021
@Moc Moc added the status: planned This issue is planned to be resolved in a future release label Jan 26, 2021
@Moc
Copy link
Member

Moc commented Jan 27, 2021
edited
Loading

@CaMer0n I think we'd need a new event trigger for this in core (/fpw.php). Something like this;

if($invalid = e107::getEvent()->trigger("user_fpw_request", $row))
{
	fpw_error($invalid);
	exit;
}

Not sure where specifically though, maybe line 253?

What do you think?

@Moc
Copy link
Member

Moc commented Jan 27, 2021
edited
Loading

@CaMer0n Hmm, actually. I need something more I think. With 'login' I can use validLogin(). For FPW, I also need some way to 'hook' back into the process after validating the 2FA code.

See my latest commit: c3e8058
(line 213 of twofactorauth_class.php specifically: c3e8058#diff-7f881b6df975039216189630e140cc7c603a29049cf5d75f3150d441d1be97cfR213)

Moc added a commit that referenced this issue Jan 27, 2021
@Moc
#3 - Check for 2FA upon "Forgotten Password" request
c3e8058 
Not functional yet!
@CaMer0n
Copy link
Member Author

CaMer0n commented Jan 27, 2021

@Moc I would use override. That's how we did it for visualcaptcha.

@Moc
Copy link
Member

Moc commented Jan 28, 2021

@CaMer0n but then it would not be possible to use both captcha and 2FA on Forgotten Password.

@CaMer0n
Copy link
Member Author

CaMer0n commented Feb 1, 2021

Good point. Will look at what events can be added.

@Moc Moc changed the title Use 2FA to reset a forgotten password if found/setup. Use 2FA when resetting a forgotten password if found/setup. Aug 30, 2021
@Moc Moc added this to 2FA Roadmap Mar 16, 2024
@Moc Moc moved this to On hold in 2FA Roadmap Mar 16, 2024
@Moc Moc added the help wanted Extra attention is needed label Aug 5, 2024
@Moc
Copy link
Member

Moc commented Aug 13, 2024
edited
Loading

@CaMer0n Can you take a look at this and suggest how to "hook back" into the forgotten password routine? Just as this plugin does when logging in using validLogin()

Moc referenced this issue Aug 15, 2024
@Moc
#6 - some tweaking to FPW functionality WIP
ac64fc8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed status: planned This issue is planned to be resolved in a future release type: enhancement New feature or request
Projects
2FA Roadmap
Status: On hold
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Moc @CaMer0n