2FA login with Duo - feature

bugy / script-server

Web UI for your scripts with execution management

Other

1.58k stars 247 forks source link

2FA login with Duo - feature #360

Open Alonel opened 3 years ago

Alonel commented 3 years ago

Hey,

I think it will be cool security feature to add option for 2FA with Duo and Similar. What do you think?

bugy commented 3 years ago

I think it might be cool, but to be honest, I never worked with it and won\t be able to write this integration.

I could work on it if there would be enough votes/requests. Or if you or someone else would like to contribute here, I would be glad to help and consult on the existing code

Alonel commented 3 years ago

I'll be happy to cooperate with you and help with the integration(which should be very simple and well documented by Duo). Probably I'll need some direction from you to relevant places in the code.

bugy commented 3 years ago

Hi @Alonel each authentication provider has its own implementation class, for example: https://github.com/bugy/script-server/blob/master/src/auth/auth_abstract_oauth.py (this is shared for GitLab and Google)

Every authenticator should implement the following method: async def authenticate(self, request_handler):

The returned value of the method is fully authenticated username. With 2FA I think there is 1 additional step (and 1 additional request from client to server), i.e.:

Authenticate user (gets intermediate name, calculate signed_request, redirect user to ) 2. Confirm 2FA token

To implement this step, https://github.com/bugy/script-server/blob/master/src/auth/tornado_auth.py should be extended and expect redirect response from Authenticator.authenticate

Frontend side is defined here: https://github.com/bugy/script-server/blob/master/web-src/src/login/login.js https://github.com/bugy/script-server/blob/master/web-src/public/login.html

Alonel commented 3 years ago

Thanks for the references. Can you also help me with the build process? I'm receiving many errors. Which modules needed and are any other prerequisites needed in order to build successfully?

bugy commented 3 years ago

Hi, i think i would need a bit more info from you:

what are you trying to build, python or JavaScript?
did you run tools/init.py --no-npm?
could you send me the errors, please?

Alonel notifications@github.com schrieb am Di., 10. Nov. 2020, 21:24:

Thanks for the references. Can you also help me with the build process? I'm receiving many errors. Which modules needed and are any other prerequisites needed in order to build successfully?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/bugy/script-server/issues/360#issuecomment-724946046, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJXPJI5CTV7RIHJJPT6OA3SPGOQBANCNFSM4TGZIEFA .