<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/png" sizes="16x16" href="/enigma-bbs/assets/images/favicon-16x16.png">
<link rel="icon" type="image/png" sizes="32x32" href="/enigma-bbs/assets/images/favicon-32x32.png">
<link rel="stylesheet" href="/enigma-bbs/assets/css/style.css?v=">
<!-- Begin Jekyll SEO tag v2.7.1 -->
<title>2FA/OTP Config | ENiGMA½ BBS Software</title>
<meta name="generator" content="Jekyll v4.2.1" />
<meta property="og:title" content="2FA/OTP Config" />
<meta property="og:locale" content="en_US" />
<meta name="description" content="The 2FA/OTP Config Module The user_2fa_otp_config module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See Security for more information." />
<meta property="og:description" content="The 2FA/OTP Config Module The user_2fa_otp_config module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See Security for more information." />
<meta property="og:site_name" content="ENiGMA½ BBS Software" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2022-09-09T03:31:32+00:00" />
<meta name="twitter:card" content="summary" />
<meta property="twitter:title" content="2FA/OTP Config" />
<script type="application/ld+json">
{"datePublished":"2022-09-09T03:31:32+00:00","description":"The 2FA/OTP Config Module The user_2fa_otp_config module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See Security for more information.","mainEntityOfPage":{"@type":"WebPage","@id":"/enigma-bbs/modding/user-2fa-otp-config.html"},"url":"/enigma-bbs/modding/user-2fa-otp-config.html","@type":"BlogPosting","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"/enigma-bbs/assets/images/enigma-logo.png"}},"headline":"2FA/OTP Config","dateModified":"2022-09-09T03:31:32+00:00","@context":"https://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>
<body>
<div id="container">
<div class="main_area">
<div class="container">
<section id="main_content">
<div class="page">
<h1 class="page-title">2FA/OTP Config</h1>
<h2 id="the-2faotp-config-module">The 2FA/OTP Config Module</h2>
<p>The <code class="language-plaintext highlighter-rouge">user_2fa_otp_config</code> module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See <a href="/enigma-bbs/configuration/security.html">Security</a> for more information.</p>
<blockquote>
<p><img class="emoji" title=":information_source:" alt=":information_source:" src="https://github.githubassets.com/images/icons/emoji/unicode/2139.png" height="20" width="20"> By default, the 2FA/OTP configuration menu may only be accessed by users connected securely (ACS <code class="language-plaintext highlighter-rouge">SC</code>). It is highly recommended to leave this default as accessing these settings over a plain-text connection could expose private secrets!</p>
</blockquote>
<h2 id="configuration">Configuration</h2>
<h3 id="config-block">Config Block</h3>
<p>Available <code class="language-plaintext highlighter-rouge">config</code> block entries:</p>
<ul>
<li>
<code class="language-plaintext highlighter-rouge">infoText</code>: Overrides default informational text string(s). See <strong>Info Text</strong> below.</li>
<li>
<code class="language-plaintext highlighter-rouge">statusText</code>: Overrides default status text string(s). See <strong>Status Text</strong> below.</li>
</ul>
<p>Example:</p>
<pre><code class="language-hjson">config: {
    infoText: {
        googleAuth: Google Authenticator available on mobile phones, etc.
    }
    statusText: {
        saveError: Doh! Failed to save :(
    }
}
</code></pre>
<h4 id="info-text-infotext">Info Text (infoText)</h4>
<p>Overrides default informational text relative to current selections. Available keys:</p>
<ul>
<li>
<code class="language-plaintext highlighter-rouge">disabled</code>: Displayed when OTP switched to enabled.</li>
<li>
<code class="language-plaintext highlighter-rouge">enabled</code>: Displayed when OTP switched to disabled.</li>
<li>
<code class="language-plaintext highlighter-rouge">rfc6238_TOTP</code>: Describes TOTP.</li>
<li>
<code class="language-plaintext highlighter-rouge">rfc4266_HOTP</code>: Describes HOTP.</li>
<li>
<code class="language-plaintext highlighter-rouge">googleAuth</code>: Describes Google Authenticator OTP.</li>
</ul>
<h4 id="status-text-statustext">Status Text (statusText)</h4>
<p>Overrides default status text for various conditions. Available keys:</p>
<ul>
<li><code class="language-plaintext highlighter-rouge">otpNotEnabled</code></li>
<li><code class="language-plaintext highlighter-rouge">noBackupCodes</code></li>
<li><code class="language-plaintext highlighter-rouge">saveDisabled</code></li>
<li><code class="language-plaintext highlighter-rouge">saveEmailSent</code></li>
<li><code class="language-plaintext highlighter-rouge">saveError</code></li>
<li><code class="language-plaintext highlighter-rouge">qrNotAvail</code></li>
<li><code class="language-plaintext highlighter-rouge">emailRequired</code></li>
</ul>
<h2 id="theming">Theming</h2>
<p>The following MCI codes are available:</p>
<ul>
<li>MCI 1 (e.g. <code class="language-plaintext highlighter-rouge">TM1</code>): Toggle 2FA/OTP enabled/disabled.</li>
<li>MCI 2 (e.g. <code class="language-plaintext highlighter-rouge">SM2</code>): 2FA/OTP type selection.</li>
<li>MCI 3 (e.g. <code class="language-plaintext highlighter-rouge">TM3</code>): Submit/cancel toggle.</li>
<li>MCI 10…99: Custom entries with the following format members available:
<ul>
<li>
<code class="language-plaintext highlighter-rouge">{infoText}</code>: <strong>Info Text</strong> for current selection.</li>
</ul>
</li>
</ul>
<h3 id="web-and-email-templates">Web and Email Templates</h3>
<p>A template system is also available to customize registration emails and the landing page.</p>
<h4 id="emails">Emails</h4>
<p>Multipart MIME emails are built and sent using the template files pointed to by <code class="language-plaintext highlighter-rouge">users.twoFactorAuth.otp.registerEmailText</code> and <code class="language-plaintext highlighter-rouge">users.twoFactorAuth.otp.registerEmailHtml</code>, which support the following variables:</p>
<ul>
<li>
<code class="language-plaintext highlighter-rouge">%BOARDNAME%</code>: BBS name.</li>
<li>
<code class="language-plaintext highlighter-rouge">%USERNAME%</code>: Username receiving email.</li>
<li>
<code class="language-plaintext highlighter-rouge">%TOKEN%</code>: Temporary registration token generally used in URL.</li>
<li>
<code class="language-plaintext highlighter-rouge">%REGISTER_URL%</code>: Full registration URL.</li>
</ul>
<h4 id="landing-page">Landing Page</h4>
<p>The landing page template is pointed to by <code class="language-plaintext highlighter-rouge">users.twoFactorAuth.otp.registerPageTemplate</code> and supports the following variables:</p>
<ul>
<li>
<code class="language-plaintext highlighter-rouge">%BOARDNAME%</code>: BBS name.</li>
<li>
<code class="language-plaintext highlighter-rouge">%USERNAME%</code>: Username receiving email.</li>
<li>
<code class="language-plaintext highlighter-rouge">%TOKEN%</code>: Temporary registration token generally used in URL.</li>
<li>
<code class="language-plaintext highlighter-rouge">%OTP_TYPE%</code>: OTP type such as <code class="language-plaintext highlighter-rouge">googleAuth</code>.</li>
<li>
<code class="language-plaintext highlighter-rouge">%POST_URL%</code>: URL to POST form to.</li>
<li>
<code class="language-plaintext highlighter-rouge">%QR_IMG_DATA%</code>: QR code in URL image data format. Not available for every OTP type; set to blank in those cases.</li>
<li>
<code class="language-plaintext highlighter-rouge">%SECRET%</code>: Secret for manual entry.</li>
</ul>
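<p>Added example (not ENiGMA½ code): a small Node.js linter and previewer for checking a custom template against the two variable lists above before deploying it. The placeholder pattern, the function names and the sample template and values are assumptions of this example, and the HTML escaping is the previewer's own choice, not a description of how ENiGMA½ substitutes values.</p>

```javascript
// Variables each template kind supports, copied from the lists on this page.
const SUPPORTED = {
    email: ['BOARDNAME', 'USERNAME', 'TOKEN', 'REGISTER_URL'],
    landing: ['BOARDNAME', 'USERNAME', 'TOKEN', 'OTP_TYPE', 'POST_URL', 'QR_IMG_DATA', 'SECRET'],
};
// Assumption: a placeholder is an upper-case name wrapped in percent signs.
const PLACEHOLDER = /%([A-Z][A-Z0-9_]*)%/g;

// Report placeholders that are not in the page's list for this template kind,
// and listed ones the template never uses.
function lintTemplate(kind, text) {
    const supported = SUPPORTED[kind];
    if (!supported) throw new Error(`unknown template kind: ${kind}`);
    const used = new Set([...text.matchAll(PLACEHOLDER)].map(m => m[1]));
    return {
        unsupported: [...used].filter(name => !supported.includes(name)).sort(),
        unused: supported.filter(name => !used.has(name)),
    };
}

function escapeHtml(s) {
    return String(s).replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);
}

// Local preview with constructed values. A missing value renders as blank (the
// page's %QR_IMG_DATA% case); unsupported placeholders stay visible in the output.
function preview(kind, text, values, html = true) {
    const supported = SUPPORTED[kind];
    if (!supported) throw new Error(`unknown template kind: ${kind}`);
    return text.replace(PLACEHOLDER, (whole, name) => {
        if (!supported.includes(name)) return whole;
        const value = values[name] ?? '';
        return html ? escapeHtml(value) : String(value);
    });
}

// Constructed sample landing-page template and values (not the shipped template).
const sampleTemplate = [
    '<h1>%BOARDNAME%: 2FA setup for %USERNAME%</h1>',
    '<img src="%QR_IMG_DATA%" alt="QR code">',
    '<p>Manual secret: %SECRET%</p>',
    '<p>Link: %REGISTER_URL%</p>',
].join('\n');
const sampleValues = { BOARDNAME: 'Test <BBS>', USERNAME: 'alice', SECRET: 'EXAMPLESECRET' };

console.log(lintTemplate('landing', sampleTemplate));
console.log(preview('landing', sampleTemplate, sampleValues));
```

<p>The sample deliberately uses <code class="language-plaintext highlighter-rouge">%REGISTER_URL%</code>, which is listed for emails only, so the linter reports it as unsupported for the landing page.</p>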
</div>
</section>
</div>
</div>
</div>
</body>
</html>