runelaenen / shopware6-two-factor-auth

Two Factor Authentication for Shopware 6 💙
MIT License
35 stars 16 forks

Force 2FA for Administration #48

Open zolthan opened 1 year ago

zolthan commented 1 year ago

Hi @runelaenen,

do you think it's possible to force backend users to use the 2FA before using the rest of the administration? We have a customer whose admin users have to use the 2FA. Currently it is optional to use the 2FA and the users normally use the easy way without 2FA.

I could think of a message on login on the right side in the message center, or a forced redirect to the profile where the 2FA can be configured.

What do you mean?

Best Sebastian

zolthan commented 1 year ago

Hi @runelaenen, do you plan to implement this feature in the near future? One of our customers has a policy that 2FA has to be used by admin users. Currently only a few of them are using it as they are not forced to use it.

Best Sebastian

runelaenen commented 1 year ago

Hello @zolthan

Thank you for reaching out. While I understand the importance of the mandatory 2FA feature for your customer's policy, I currently don't have the bandwidth to implement it myself. However, I welcome contributions from the open source community and encourage anyone interested in adding this feature to create a pull request. I would be happy to review and merge it once it meets the project's standards and requirements.

zolthan commented 1 year ago

Hi Rune,

That’s why I wrote. I will have a look if we can improve it ourselves and contribute. I just needed to know if it’s in your pipe.

zolthan commented 1 year ago

Hi @runelaenen,

we created this feature as a patch for our current version 1.1.2 we are running in the shop. Unfortunately it makes no sense to create a pull request for an old version. Maybe you can apply the patches to the current version so it will be available for the future 6.5 updates.

I hope it helps you.

Best, Sebastian

force2fa_id_js.patch force2fa.patch

zolthan commented 9 months ago

Hi @runelaenen, did you look into our patches? Could you please add the feature to the plugin? Our customers who have Backend-2FA are using it mandatory. So no Backend-User can log in without first going through the 2FA process.

Best Sebastian