mirror of https://we.phorge.it/source/phorge.git synced 2024-09-23 02:38:48 +02:00
phorge-phorge/src/applications/settings/panel
epriestley 17709bc167 Add multi-factor auth and TOTP support
Summary:
Ref T4398. This is still pretty rough and isn't exposed in the UI yet, but basically works. Some missing features / areas for improvement:

  - Rate limiting attempts (see TODO).
  - Marking tokens used after they're used once (see TODO), maybe. I can't think of ways an attacker could capture a token without also capturing a session, offhand.
  - Actually turning this on (see TODO).
  - This workflow is pretty wordy. It would be nice to calm it down a bit.
  - But also add more help/context to help users figure out what's going on here, I think it's not very obvious if you don't already know what "TOTP" is.
  - Add admin tool to strip auth factors off an account ("Help, I lost my phone and can't log in!").
  - Add admin tool to show users who don't have multi-factor auth? (so you can pester them)
  - Generate QR codes to make the transfer process easier (they're fairly complicated).
  - Make the "entering hi-sec" workflow actually check for auth factors and use them correctly.
  - Turn this on so users can use it.
  - Adding SMS as an option would be nice eventually.
  - Adding "password" as an option, maybe? TOTP feels fairly good to me.

I'll post a couple of screens...

Test Plan:
  - Added TOTP token with Google Authenticator.
  - Added TOTP token with Authy.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8875
2014-04-28 09:27:11 -07:00
PhabricatorSettingsPanel.php Give administrators selective access to System Agent settings panels 2014-04-02 12:06:05 -07:00
PhabricatorSettingsPanelAccount.php There should be no spaces before closing parenthesis in calls. 2014-02-26 12:49:33 -08:00
PhabricatorSettingsPanelActivity.php Add multi-factor auth and TOTP support 2014-04-28 09:27:11 -07:00
PhabricatorSettingsPanelConduit.php Give administrators selective access to System Agent settings panels 2014-04-02 12:06:05 -07:00
PhabricatorSettingsPanelConpherencePreferences.php Various linter fixes. 2014-02-26 12:44:58 -08:00
PhabricatorSettingsPanelDeveloperPreferences.php Various linter fixes. 2014-02-26 12:44:58 -08:00
PhabricatorSettingsPanelDiffPreferences.php Various linter fixes. 2014-02-26 12:44:58 -08:00
PhabricatorSettingsPanelDisplayPreferences.php Modernize documentation links 2014-03-17 15:01:31 -07:00
PhabricatorSettingsPanelEmailAddresses.php Add semi-generic rate limiting infrastructure 2014-04-03 11:22:38 -07:00
PhabricatorSettingsPanelEmailPreferences.php Simplify PHUIObjectBoxViews handling of Save and Error states 2014-01-10 09:17:37 -08:00
PhabricatorSettingsPanelExternalAccounts.php Fix Cards list in External Accounts 2014-01-08 21:27:06 -08:00
PhabricatorSettingsPanelHomePreferences.php Hide uninstalled applications on the "Home Application Tiles" preferences page 2014-04-01 12:27:52 -07:00
PhabricatorSettingsPanelMultiFactor.php Add multi-factor auth and TOTP support 2014-04-28 09:27:11 -07:00
PhabricatorSettingsPanelPassword.php Don't prompt to upgrade unset passwords 2014-02-20 08:12:04 -08:00
PhabricatorSettingsPanelSearchPreferences.php Various linter fixes. 2014-02-26 12:44:58 -08:00
PhabricatorSettingsPanelSessions.php Let users review their own account activity logs 2014-04-27 17:32:09 -07:00
PhabricatorSettingsPanelSSHKeys.php Add "High Security" mode to support multi-factor auth 2014-04-27 17:31:11 -07:00