  1. Blesta Core
  2. CORE-514

Client Login: Add two factor authentication

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0.b3
    • Fix Version/s: 3.4.0-b1
    • Component/s: Client Interface
    • Labels:
      None

      Description

      Add two factor authentication for clients.

      This should be simplified. Perhaps only offer TOTP as an option, with QR code displayed.

        Issue Links

          Activity

          cody Cody Phillips (Inactive) created issue -
          admin Paul Phillips made changes -
          Field Original Value New Value
          Fix Version/s 3.0.0.b5 [ 10209 ]
          Fix Version/s 3.0.0.b4 [ 10208 ]
          admin Paul Phillips made changes -
          Fix Version/s 3.0.0.b6 [ 10210 ]
          Fix Version/s 3.0.0.b5 [ 10209 ]
          admin Paul Phillips made changes -
          Fix Version/s 3.0.0.b7 [ 10211 ]
          Fix Version/s 3.0.0.b6 [ 10210 ]
          admin Paul Phillips made changes -
          Fix Version/s 3.0.0 [ 10000 ]
          Fix Version/s 3.0.0.b7 [ 10211 ]
          admin Paul Phillips made changes -
          Fix Version/s 3.0.1 [ 10212 ]
          Fix Version/s 3.0.0 [ 10000 ]
          admin Paul Phillips made changes -
          Fix Version/s 3.0.2 [ 10213 ]
          Fix Version/s 3.0.1 [ 10212 ]
          admin Paul Phillips made changes -
          Fix Version/s 3.0.3 [ 10214 ]
          Fix Version/s 3.0.2 [ 10213 ]
          admin Paul Phillips made changes -
          Fix Version/s 3.2.0 [ 10002 ]
          Fix Version/s 3.0.3 [ 10214 ]
          admin Paul Phillips made changes -
          Fix Version/s 3.4.0 [ 10400 ]
          Fix Version/s 3.2.0 [ 10002 ]
          admin Paul Phillips added a comment - - edited

          This should also work with contact logins CORE-627

          admin Paul Phillips made changes -
          Security Private [ 10000 ]
          admin Paul Phillips made changes -
          Sprint 3.4.0 Sprint 1 [ 3 ]
          admin Paul Phillips made changes -
          Rank Ranked lower
          cody Cody Phillips (Inactive) made changes -
          Story Points 5
          admin Paul Phillips added a comment -

          Needs a new task


          Under the client "Edit My Information" page, break the following sections down into tabs.

          • Contact Information
          • Billing Information (client only)
          • Additional Settings (client only)
          • Authentication (change password and setup/disable 2FA)

          2FA will then be configurable under the "Authentication" tab.

          admin Paul Phillips added a comment -

          Admin users need to be able to disable 2FA for clients and contacts. If a client/contact loses their key, disabling it will allow them to log in and set it up again.

          Admins should not be able to see the 2FA key, only turn it off if it has been set up.

          cody Cody Phillips (Inactive) made changes -
          Link This issue is blocked by CORE-1459 [ CORE-1459 ]
          cody Cody Phillips (Inactive) made changes -
          Sprint 3.4.0 Sprint 1 [ 3 ] 3.4.0 Sprint 2 [ 4 ]
          cody Cody Phillips (Inactive) made changes -
          Rank Ranked higher
          cody Cody Phillips (Inactive) made changes -
          Rank Ranked higher
          cody Cody Phillips (Inactive) made changes -
          Sprint 3.4.0 Sprint 2 [ 4 ] 3.4.0 Sprint 3 [ 5 ]
          cody Cody Phillips (Inactive) made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          cody Cody Phillips (Inactive) made changes -
          Status In Progress [ 3 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          tyson Tyson Phillips (Inactive) added a comment -

          When saving the auth password for the first time, it's easy to get confused when receiving the error "Invalid password."

          That error may need to be more specific. Although the OTP password was correct, the user needs to also enter their current account password before the changes can be saved, hence the "Invalid password" error.

          cody Cody Phillips (Inactive) added a comment -

          When saving the auth password for the first time, it's easy to get confused when receiving the error "Invalid password."

          That error may need to be more specific. Although the OTP password was correct, the user needs to also enter their current account password before the changes can be saved, hence the "Invalid password" error.

          Any improvements I think should be added as new tasks.

          tyson Tyson Phillips (Inactive) made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              cody Cody Phillips (Inactive)
              Reporter:
              cody Cody Phillips (Inactive)
            • Votes:
              0
              Watchers:
              3

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                12/Dec/14
