<metaname="description"content="The 2FA/OTP Config Module The user_2fa_otp_config module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See Security for more information."/>
<metaproperty="og:description"content="The 2FA/OTP Config Module The user_2fa_otp_config module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See Security for more information."/>
{"mainEntityOfPage":{"@type":"WebPage","@id":"/enigma-bbs/modding/user-2fa-otp-config.html"},"description":"The 2FA/OTP Config Module The user_2fa_otp_config module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See Security for more information.","url":"/enigma-bbs/modding/user-2fa-otp-config.html","@type":"BlogPosting","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"/enigma-bbs/assets/images/enigma-logo.png"}},"headline":"2FA/OTP Config","dateModified":"2022-08-06T06:44:01+00:00","datePublished":"2022-08-06T06:44:01+00:00","@context":"https://schema.org"}</script>
<p>The <codeclass="language-plaintext highlighter-rouge">user_2fa_otp_config</code> module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See <ahref="/enigma-bbs/configuration/security.html">Security</a> for more information.</p>
<p><imgclass="emoji"title=":information_source:"alt=":information_source:"src="https://github.githubassets.com/images/icons/emoji/unicode/2139.png"height="20"width="20"> By default, the 2FA/OTP configuration menu may only be accessed by users connected securely (ACS <codeclass="language-plaintext highlighter-rouge">SC</code>). It is highly recommended to leave this default as accessing these settings over a plain-text connection could expose private secrets!</p>
<codeclass="language-plaintext highlighter-rouge">infoText</code>: Overrides default informational text string(s). See <strong>Info Text</strong> below.</li>
<li>
<codeclass="language-plaintext highlighter-rouge">statusText:</code> Overrides default status text string(s). See <strong>Status Text</strong> below.</li>
</ul>
<p>Example:</p>
<pre><codeclass="language-hjson">config: {
infoText: {
googleAuth: Google Authenticator available on mobile phones, etc.
}
statusText: {
saveError: Doh! Failed to save :(
}
}
</code></pre>
<h4id="info-text-infotext">Info Text (infoText)</h4>
<p>Overrides default informational text relative to current selections. Available keys:</p>
<ul>
<li>
<codeclass="language-plaintext highlighter-rouge">disabled</code>: Displayed when OTP switched to enabled.</li>
<li>
<codeclass="language-plaintext highlighter-rouge">enabled</code>: Displayed when OTP switched to disabled.</li>
<li>MCI 10…99: Custom entries with the following format members available:
<ul>
<li>
<codeclass="language-plaintext highlighter-rouge">{infoText}</code>: <strong>Info Text</strong> for current selection.</li>
</ul>
</li>
</ul>
<h3id="web-and-email-templates">Web and Email Templates</h3>
<p>A template system is also available to customize registration emails and the landing page.</p>
<h4id="emails">Emails</h4>
<p>Multipart MIME emails are send built using template files pointed to by <codeclass="language-plaintext highlighter-rouge">users.twoFactorAuth.otp.registerEmailText</code> and <codeclass="language-plaintext highlighter-rouge">users.toFactorAuth.otp.registerEmailHtml</code> supporting the following variables:</p>
<codeclass="language-plaintext highlighter-rouge">%TOKEN%</code>: Temporary registration token generally used in URL.</li>
<li>
<codeclass="language-plaintext highlighter-rouge">%REGISTER_URL%</code>: Full registration URL.</li>
</ul>
<h4id="landing-page">Landing Page</h4>
<p>The landing page template is pointed to by <codeclass="language-plaintext highlighter-rouge">users.twoFactorAuth.otp.registerPageTemplate</code> and supports the following variables:</p>
<codeclass="language-plaintext highlighter-rouge">%TOKEN%</code>: Temporary registration token generally used in URL.</li>
<li>
<codeclass="language-plaintext highlighter-rouge">%OTP_TYPE%</code>: OTP type such as <codeclass="language-plaintext highlighter-rouge">googleAuth</code>.</li>
<li>
<codeclass="language-plaintext highlighter-rouge">%POST_URL%</code>: URL to POST form to.</li>
<li>
<codeclass="language-plaintext highlighter-rouge">%QR_IMG_DATA%</code>: QR code in URL image data format. Not always available depending on OTP type and will be set to blank in these cases.</li>
<li>
<codeclass="language-plaintext highlighter-rouge">%SECRET%</code>: Secret for manual entry.</li>