Add 2FA support for login

[bodhish]

Project Detail

CARE is a centralized capacity management and patient management system, central to the 10BedICU Project, integrating patients, doctors, hospitals, labs, specialized treatment centers, hospital administrators, and shifting control cells. Hospitals update crucial information about their assets, providing district administration with a comprehensive view of the healthcare system via smart dashboards. CARE digitizes patient records, streamlines workflows for pandemic management, and is deployed in remote areas, enabling TeleICU services for underserved citizens. It revolutionizes healthcare management, enhancing efficiency, accessibility, and patient outcomes.

Features To Be Implemented

This focuses on bolstering the security of the login process within the system. The key objective is to introduce a robust Two-Factor Authentication (2FA) mechanism, enhancing user account protection against unauthorized access. The features to be implemented are outlined below:

1. 2FA Integration at Login:

   • Modify the login page to incorporate a second step for 2FA, specifically a field for entering a verification code following successful username and password verification.
   • The 2FA method proposed is TOTP (Time-Based One-Time Password) with backup tokens as fallback.
   • SMS based otp should be configurable by deployments

2. Backend Support for TOTP:

   • Integrate a library compatible with TOTP, such as https://github.com/pyauth/pyotp, at the backend for seamless 2FA functionality.

3. User Enrollment for 2FA:

   • Enable users to enroll in 2FA either via account settings.
   • Verify the 2FA method at the time of enrollment
   • This process involves generating a unique secret key for the user, which can then be added to their preferred authentication app.
   • Users should have the flexibility to add or remove 2FA from their profile settings at any time.

4. Backup Code Provision:

   • Offer fallback options such as backup codes or sms/email based otp, enabling users to access their accounts in cases where they lose access to their 2FA device.

5. Secure Storage of TOTP Secret Key:

   • Ensure the secret key for TOTP is stored securely within the database to prevent unauthorized access.

6. Security Measures Against Brute Force Attacks:

   • Implement rate limiting on 2FA attempts to mitigate the risk of brute force attacks.

7. User Support and Guidance:

   • Provide clear instructions and support to assist users in setting up and effectively using 2FA.
   • Ensure users are supplied with backup codes as a contingency for potential 2FA device loss.

Learning Path

	Details
Complexity	Medium
Required Skills	ReactJS, TypeScript, Django, Python
Mentors	@nihal467 , @vigneshhari , @khavinshankar , @rithviknishad , @gigincg , @Ashesh3 , @sainak
Project Size	175 hours

Link to documentation for Product Set-Up

1. For setting up the frontend, please refer to the readme file available at: https://github.com/coronasafe/care_fe
2. For setting up the backend, please refer to the readme file available at: https://github.com/coronasafe/care

Acceptance Criteria

• All the CI/CD workflows should pass.
• Code is logically structured for long-term project sustainability.
• Proper descriptions should be included for review purposes.
• QA and Code Review

Milestone

• [ ] Get to know CARE as a product and understand the workflow.
• [ ] Understand the user-level requirements and come up with a design.
• [ ] Design and implement the updated UI
• [ ] Complete functionality of 2FA support for login
• [ ] Implement a Basic Cypress automation test to test functionality
• [ ] Optimise and improve UX
• [ ] Review and QA

[Ashesh3]

Considerations while working on this issue:

• Modify the login page to include a second step for 2FA. This could be a field for entering a verification code after successful verification of username and password combination.

• 2FA method would be TOTP ( @bodhish can you confirm this? )

• Integrate 2FA Library: For TOTP, integrate a library that supports it, such as PyOTP in Python at the backend.

• At the time of account creation or through account settings, allow users to enroll in 2FA. This will involve generating a secret key for the user, which they can add to their authentication app. They should be able to add/remove 2FA at any time through their profile settings.

• Offer fallback options like backup codes in case the user loses access to their 2FA device.

• Store the secret key for TOTP securely in the database.

• Consider rate limiting 2FA attempts to prevent brute force attacks.

• Provide clear instructions and support for users to understand how to set up and use 2FA.

[MAVRICK-1]

HI, mentainers , I am willing to work on this .

[dgparmar14]

Hii , I am Dhrumit and i love to devlope a frontend in next.js and react js. I done two projects of the Next.js full stack projects. I love to contribute in Next.js website .

[nihal467]

Hey everyone,

Thank you for showing interest in the projects. I would like to inform you that we have scheduled EOD calls on Zoom from Monday to Saturday at 7:30 PM to discuss your work and address any doubts with the core team. Alternatively, feel free to use our #care_general Slack channel.

The meeting links will be shared in our #reminder channel in our Slack workspace.

Link to join the Slack: Slack Workspace

Meanwhile, please explore the care platform and familiarize yourself with its features. Feel free to play around with it and assign any open issues as you see fit.

[Re-Dei]

Hi! I am Hridaya. Getting straight to the point, I would like to contribute to this open source project by solving this issue for GSOC 2024. I am fairly experienced in Next.js and have more than 1.5 years+ experience working with Next.js and more than 2 years as a web developer. I wouldn't say I am a expert however I am more than an intermediate developer regarding Next.js and the features such as SSR, SSG, ISR, streaming components as well as optimizing the performance of the website to have at least 90 score on lighthouse which is tough to obtain since Next.js is very heavy on performance in comparison to frameworks like Solid and Astro. So I hope I could get a chance to work on this open source project which aims to contribute towards the health sector.

[Vinyl-Davyl]

Hi, Maintainers. I'm Vinyl-Davyl! and I'm willing to work on this

[ab1123]

Hello, Myself Harsheet Sharma, and I am willing to work on this project.

[itxsoumya]

hello maintainers please assign this issue to me

[rithviknishad]

Hey @itxsoumya

This is a GSoC issue. It'll be assigned once your proposal is approved.

[kumar11jr]

Hello @nihal467 @rithviknishad ,

I'm Prabhat Kumar, an enthusiastic undergraduate in computer science with a strong passion for full-stack development, especially within the MERN stack. Your GSoC 2024 project has captured my interest, and I'm genuinely excited about the opportunity to contribute.

Project Overview:

The project involves integrating TOTP-based 2FA into the authentication process of Open Health Networks. 2FA adds an additional layer of security by requiring users to provide a second factor, in addition to their password, during login. TOTP is a widely adopted 2FA method that generates temporary codes based on a shared secret and current time.

Objectives:

1. Integration with Existing Authentication System: Investigate the current authentication system used by Open Health Networks and devise a strategy to seamlessly integrate TOTP-based 2FA without disrupting existing user workflows.

2. User Interface Design: Develop user-friendly interfaces for enabling and managing 2FA settings within the Open Health Networks platform. This includes designing intuitive setup wizards and authentication prompts.

3. TOTP Generation and Verification: Implement TOTP generation and verification mechanisms according to the Time-Based One-Time Password Algorithm specified in RFC 6238. Ensure secure storage of user secrets and adherence to best practices in cryptographic security.

4. Backup and Recovery Mechanisms: Implement backup and recovery mechanisms to facilitate the restoration of access in case users lose their TOTP devices or encounter other authentication challenges.

5. Documentation and Testing: Document the implementation details, including setup instructions, usage guidelines, and security considerations. Conduct comprehensive testing to ensure the reliability, compatibility, and security of the 2FA implementation across various platforms and devices.

Deliverables:

• Seamless integration of TOTP-based 2FA into Open Health Networks.
• User-friendly interfaces for enabling and managing 2FA settings.
• Secure TOTP generation, verification, and backup mechanisms.
• Comprehensive documentation covering setup, usage, and security considerations.
• Successfully passed tests demonstrating the reliability and effectiveness of the 2FA implementation.

[r-nikhilkumar]

Hii @nihal467,rithviknishad, really this issue is quite good and aligned with my skills, I want to contribute here

[NutNick31]

Hello @nihal467 and @rithviknishad , I am Rajesh Kumar Singh an undergraduate engineering student, with strong passion in full-stack development. I have read the problem statement and I am really interested to contribute to this project.

I have read the project features to be implemented and I think my skills be really helpful for the project, as it's requirements align with my past experience, I have worked with 2 factor authentication before as well, in MERN stack. And I have figured out the how I will implement it in Django as well.

Features to be Implemented: 1) 2 Factor Authentication: The login page of the care frontend will be modified to direct user's to a new page, where they will be required to fill the OTP that will be sent to them via email, and the OTP will be a time-base OTP, which will expire after certain time. 2) Backend Integration: Library like pyotp will be used to generate time-based to otp and it will integerated in backend of the care i.e care_fe 3) User Enrollment for 2FA: Users will be able to enroll in 2FA through their account settings. During enrollment, the 2FA method will be verified, and a unique secret key will be generated for the user, which can then be added to their preferred authentication app. Users will have the flexibility to add or remove 2FA from their profile settings at any time. 4) Secuiry Measures: Rate Limiting will be implemented on the 2 factor authentication system.

[nuwani-sithara]

Hii, I'm nuwani, and I am willing to work on this project.

[mridulsaggi]

Hello @nihal467 and @rithviknishad , I closely went through the requirements for the project. I am a MERN developer and can enable all these features along with a beautiful ui for frontend. please assign me this project. Looking forward to work together.

[Divyam6969]

Hey there!👋

I'm Divyam and I'm excited about the opportunity to contribute to this project, especially through GSoC. I've attached my project proposal on the GSoC website and I'm thrilled about the prospect of working on enhancing the security with Two-Factor Authentication (2FA) in the CARE system. This aligns perfectly with my interests and skills.

From what I understand, users will initially input their username and password on the login page. After the backend server verifies these credentials successfully, a request is triggered to the 2FA service for generating a Time-Based One-Time Password (TOTP) code. Subsequently, this code is transmitted to the user, who then inputs it on the login page. Once received, the backend server proceeds to validate the TOTP code and authenticate the user, subsequently redirecting them to the dashboard upon successful authentication.

I have experience in web development, particularly with ReactJS and Django. In previous projects, I've successfully implemented 2FA mechanisms using libraries like pyotp for TOTP generation and verification, as well as bcryptjs for user authentication. Additionally, I'll be a Globalink Research Intern at MITACS this summer in which I will be working on a similar project, which will complement my contributions to this project. I'm eager to learn more about the project and discuss how I can contribute effectively. Thank you for considering my application.

You can reach me at divyammalik2003@gmail.com and find my GitHub profile here.

Best regards, Divyam

[atinder11]

Hello @nihal467 and @rithviknishad ,

I am Atinder Kumar, a dedicated undergraduate student majoring in Computer Science. My passion for software development is fueled by a desire to make meaningful contributions to real-world projects. My motivation for applying to this project stems from a strong interest in cybersecurity and a commitment to enhancing data protection measures.

With proficiency in ReactJS, TypeScript, Django, and Python, I am well-equipped to contribute to the implementation of Two-Factor Authentication (2FA).
So I hope I could get a chance to work on this open-source project which aims to contribute towards the health sector through GSOC .

Warm Regard Atinder Kumar

[Alokih]

Hey @rithviknishad @bodhish @nihal467 I just wanted to ask was this project selected for Gsoc this year ? If not then are you planning to have this functionality, if yes then I would love to work on this.

[bodhish]

@Alokih do pick it up if you are interested.

[Alokih]

Yeah sure @bodhish I will definitely give it a try, can you please assign me

[bodhish]

Done, do keep a draft PR and ask for reviews whenever you feel you need more details. Ask questions in our slack community;

Lets ship this out 🚀

[Alokih]

Ok Thnx @bodhish

[bodhish]

@Alokih can you update the progress here?