Use 2FA when resetting a forgotten password if found/setup.

e107inc / twofactorauth

Two-Factor Authenthication (2FA) for e107

2 stars 2 forks source link

Use 2FA when resetting a forgotten password if found/setup. #3

Open CaMer0n opened 3 years ago

CaMer0n commented 3 years ago

As it says. :-)

Moc commented 3 years ago

@CaMer0n I think we'd need a new event trigger for this in core (/fpw.php). Something like this;

if($invalid = e107::getEvent()->trigger("user_fpw_request", $row))
{
    fpw_error($invalid);
    exit;
}

Not sure where specifically though, maybe line 253?

What do you think?

Moc commented 3 years ago

@CaMer0n Hmm, actually. I need something more I think. With 'login' I can use validLogin(). For FPW, I also need some way to 'hook' back into the process after validating the 2FA code.

See my latest commit: https://github.com/e107inc/twofactorauth/commit/c3e80586d498a682ac45632ff46d619c3771efee (line 213 of twofactorauth_class.php specifically: https://github.com/e107inc/twofactorauth/commit/c3e80586d498a682ac45632ff46d619c3771efee#diff-7f881b6df975039216189630e140cc7c603a29049cf5d75f3150d441d1be97cfR213)

CaMer0n commented 3 years ago

@Moc I would use override. That's how we did it for visualcaptcha.

Moc commented 3 years ago

@CaMer0n but then it would not be possible to use both captcha and 2FA on Forgotten Password.

CaMer0n commented 3 years ago

Good point. Will look at what events can be added.

Moc commented 1 month ago

@CaMer0n Can you take a look at this and suggest how to "hook back" into the forgotten password routine? Just as this plugin does when logging in using validLogin()