MFA via CompanionApp

Description

MFA via CompanionApp

  • API is protected by either api (full access), or mfa scopes
  • The second factor only interacts via the mfa scope
  • Each companion app gets its own oauth_client, which enforces the allowed scope via the new allowed_scopes column + the TokenObserver.
  • MFA is not checked for MFA device interactions. This is to allow pairing & using a new device if an existing one was e.g. lost.
  • The QR-Code is now printable and includes the generated oauth_client secret. Together with the relaxation of mfa-checking for the mfa scope, this allows creating & printing recovery qr-codes.

Further changes:

  • The companion app is now offered for direct download via configurable download link.
  • The companion app primary key is now a uuid (in binary form), since it's exposed in the api.

Notes:

  • The companion app table is truncated on migration because nothing is currently relying on it and no important data is lost.

Builds on D3698

Differential Revision: https://git.kolab.org/D3932
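
The scope model in the description above, as an added Python sketch that is not code from this commit or from Kolab: a per-client allow-list checked when a token is issued, and a request check that skips the second factor only on MFA device routes. Only the scope names `api` and `mfa` and the `allowed_scopes` field come from the description; the route prefix, the class and function names, and the rule that non-device routes need `api` plus a passed second factor are assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional

# "api" and "mfa" are the scope names from the commit message. The route
# prefix and every class/function name below are hypothetical.
MFA_DEVICE_PREFIX = "/companion/"  # constructed placeholder path


class ScopeNotAllowed(Exception):
    pass


@dataclass(frozen=True)
class OAuthClient:
    name: str
    allowed_scopes: Optional[FrozenSet[str]]  # None: unrestricted (assumption)


@dataclass(frozen=True)
class Token:
    client: str
    scopes: FrozenSet[str]


def issue_token(client: OAuthClient, requested: Iterable[str]) -> Token:
    """Observer-style check: refuse scopes outside the client's allow-list."""
    scopes = frozenset(requested)
    if not scopes:
        raise ScopeNotAllowed("no scope requested")
    if client.allowed_scopes is not None:
        extra = scopes - client.allowed_scopes
        if extra:
            raise ScopeNotAllowed(f"{client.name}: {sorted(extra)} not allowed")
    return Token(client.name, scopes)


def authorize(token: Token, path: str, mfa_passed: bool) -> bool:
    """Decide whether a request may proceed under the two-scope model."""
    if path.startswith(MFA_DEVICE_PREFIX):
        # Second factor is not checked here, so a lost device can be replaced.
        return bool(token.scopes & {"api", "mfa"})
    # Everything else needs full access plus a passed second factor
    # (assumption: the commit only says MFA is skipped on device routes).
    return "api" in token.scopes and mfa_passed


COMPANION = OAuthClient("companion-1", frozenset({"mfa"}))  # constructed sample
WEB = OAuthClient("web", None)                              # constructed sample
```

In this model a credential taken from a printed recovery QR code can only ever yield an `mfa`-scoped token, so the allow-list is what keeps it away from the rest of the API.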

Details

Provenance
mollekopf Authored on Nov 3 2022, 12:22 PM
mollekopf Pushed on Nov 16 2022, 4:27 PM
Differential Revision
D3932: MFA via CompanionApp
Parents
rK42091037a813: [Draft] 2FA via CompanionApp for Kolab4 logons
Branches
Unknown
Tags
Unknown
Build Status
Buildable 40616

Event Timeline

Christian Mollekopf <mollekopf@apheleia-it.ch> committed rKf1a6d6b2c90e: MFA via CompanionApp (authored by Christian Mollekopf <mollekopf@apheleia-it.ch>). Nov 16 2022, 4:12 PM