Let's say we have a hard-line policy of iprange OR totp and no grace. So you must log in on a secure network, set up totp, to enable use in the wild.
Let's say a user doesn't do that, they are outside, they will just be denied access. Now we could just have a generic 'you don't have enough factors' message, but it's not that great. We could allow it to be overridden, and that's ok but it's extra work.
Instead we should generate a 'possible way to log in' if one exists. I.e. let's assume they have 0 points of 'needs setup' factors, but there are 100 points of 'no setup' factors. Then it should say 'if you want to log in, you need to be on a secure network, and then you can set up MFA'.
Maybe we can structure it so we can use the same chunks of language for both use cases (but might get awkward quickly).
This is the reverse case of: https://github.com/catalyst/moodle-tool_mfa/issues/54
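A sketch of the hint logic proposed in this issue, added here as an illustration and not taken from tool_mfa's code. The `Factor` fields, `login_hint`, `sample_factors` and the 100-point threshold constant are hypothetical names, and a set-up factor is assumed to pass.

```python
from dataclasses import dataclass

PASS_THRESHOLD = 100  # points needed to log in (the "100 points" in the issue)

@dataclass(frozen=True)
class Factor:              # hypothetical model, not tool_mfa's classes
    name: str
    weight: int            # points granted when the factor passes
    needs_setup: bool      # True for totp, False for iprange
    is_set_up: bool        # user has configured it
    passing: bool          # contributes points on this login attempt
    how_to_pass: str       # reusable language chunk for messages

def login_hint(factors):
    """Return None if the user can log in now, otherwise a message.

    When factors that need no prior setup could still reach the
    threshold, the message names them; otherwise it is the generic denial.
    """
    earned = sum(f.weight for f in factors if f.passing)
    if earned >= PASS_THRESHOLD:
        return None
    # Routes still open to the user without any prior setup.
    open_routes = [f for f in factors if not f.needs_setup and not f.passing]
    if earned + sum(f.weight for f in open_routes) < PASS_THRESHOLD:
        return "You don't have enough factors to log in."
    hint = "If you want to log in, you need to " + " and ".join(
        f.how_to_pass for f in open_routes)
    pending = [f.name for f in factors if f.needs_setup and not f.is_set_up]
    if pending:
        hint += ", and then you can set up MFA (" + ", ".join(pending) + ")"
    return hint + "."

def sample_factors(on_secure_network, totp_set_up):
    """Constructed sample: the 'iprange OR totp, no grace' policy."""
    return [
        Factor("iprange", 100, False, True, on_secure_network,
               "be on a secure network"),
        Factor("totp", 100, True, totp_set_up, totp_set_up,
               "enter a code from your authenticator app"),
    ]

if __name__ == "__main__":
    # User outside the secure network who never set up totp.
    print(login_hint(sample_factors(False, False)))
```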