[NEW FEATURE]: Save 2FA token via input field #138
Comments
@Noxdor Do you possibly have time for that?
I'll get to it this weekend, will post a PR latest by Sunday.
@C0ntroller Could you briefly explain the new API to me? What do I have to call on save and delete? (assuming
@Noxdor When creating a token you can choose between a timed OTP (for usage with an authenticator app) and an indexed secret (a password and you have to type in the characters from two random indexes). Only one at a time can exist.

```js
const message = {
  cmd: 'set_totp',
  // TOTP token or the character string of the indexed secret
  secret: '<TOTP token or indexed-secret string>',
  type: 'totp', // or 'iotp'
  platform: 'zih'
}
```

That's everything that you need to send when saving an OTP. On delete you need to delete user data as always for platform 'zih-totp' and 'zih-iotp'.
How can users retrieve the relevant token(s)?
So users have to create these tokens externally and then copy them into the input field, selecting what kind of token it is? (totp / iotp) Can this feature even work with a totp since that one has to come every time newly from the authenticator?
The user always has to save the full indexed secret somewhere and for the totp some authenticator apps allow you to read the URI that was used to set it up.
Users always should have these 2FA tokens saved outside TUfast. When creating a token a popup is shown to save them in TUfast. The option you now implement will probably not be used by many but is good to have.
A totp has a secret token it uses to generate these 6-digit codes every 30 seconds (or similar). See the new otp module how it is generated.
Can we maybe provide a description on how the token-saving process works for one particular authenticator app? So that users can set it up more easily?
The easiest way for most users is to just create a new token.
TU Dresden recommends two 2FA services: https://faq.tickets.tu-dresden.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=932 Are you using one of them with which it works or a different one? Maybe we can provide a description for one of these apps as we can assume that most students should be using one of the two. This could be 2FAS for instance.
Me? I use a different one. Will look into these two if they even provide the necessaries to dump the token. @Noxdor For the pattern matching, the IOTP seems to be 25 random characters, with upper, lower and special characters. In my case I never had anything non-ASCII but idk. The totp key needs to be a Base32 encoded value. See the otp value for valid characters. I don't know if the length is always the same. Probably it would be cool if you could also paste the whole URI and extract the token from it. See contentScripts/other/otpSnatcher
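
An added example, not part of the thread and not TUfast's code: one way to validate what a user pastes into the input field before it is sent as `secret` and `type` in the `set_totp` message, including pulling the key out of a full `otpauth://` URI. The function name `parseOtpInput` is hypothetical, and the rules encoded here (IOTP is exactly 25 printable ASCII characters, TOTP keys are RFC 4648 Base32 of any length) are assumptions taken from the observations in the comment above.

```javascript
// Added example, not TUfast code. Assumed rules:
//   IOTP  = exactly 25 printable ASCII characters (no spaces)
//   TOTP  = RFC 4648 Base32 alphabet, optional '=' padding, any length
const BASE32_RE = /^[A-Z2-7]+=*$/;
const IOTP_RE = /^[\x21-\x7e]{25}$/;

// Returns { type, secret } or throws. Error messages never echo the input,
// so a rejected secret cannot end up in logs or in the UI.
function parseOtpInput(raw, type) {
  const input = String(raw).trim();

  if (type === 'iotp') {
    if (!IOTP_RE.test(input)) {
      throw new Error('indexed secret must be 25 printable ASCII characters');
    }
    return { type: 'iotp', secret: input };
  }
  if (type !== 'totp') throw new Error('type must be "totp" or "iotp"');

  let secret = input;
  if (/^otpauth:\/\//i.test(input)) {
    // Whole provisioning URI pasted: otpauth://totp/<label>?secret=...&issuer=...
    let uri;
    try {
      uri = new URL(input);
    } catch (e) {
      throw new Error('malformed otpauth URI');
    }
    if (uri.hostname.toLowerCase() !== 'totp') {
      throw new Error('only otpauth://totp/ URIs are accepted');
    }
    secret = uri.searchParams.get('secret') || '';
  }

  // Apps often display the key lower-case and in space-separated groups.
  secret = secret.replace(/[\s-]/g, '').toUpperCase();
  if (!BASE32_RE.test(secret)) {
    throw new Error('TOTP secret is not valid Base32');
  }
  return { type: 'totp', secret };
}
```

The type is passed in explicitly rather than guessed, because a 25-character string made only of Base32 characters would satisfy both patterns.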
As I said it also is probably not used that often so should we release the current state and the UI improvements when they are ready? @OliEfr
I released v8.1.0.0 (under review in the stores).
Hey guys @OliEfr @C0ntroller, unfortunately I am not having the time to work on this. It is a bit more work than I initially expected and I am so out of time right now looking for my diploma thesis, finding a new apartment while working 35h+ .. Unfortunately I am not seeing me having time for this, the little bit of free time I am having rn I really need to recharge my batteries. Hope @C0ntroller will find time for it in the future or there will be another external PR :)
Thanks for the feedback and don't you worry! 😃 Focus on your work and good luck!
Closed by #145
From #131
#131 (comment):
#131 (comment):