-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Building solution for 2FA signin , there a lot of work! #280
Comments
ALTER TABLE YourFavorPrefix_users ALTER TABLE YourFavorPrefix_users user2FAconfigstate will be use to decide where to display or not to display config for 2FA |
Work on 2FA continues, the difficulty which i currently experience is that template engine very strange to me binding in the template of clipbucket and data submission between fronted and back-end is complex , i think after i have full integration of 2FA i will probably stop submit any new code (yes that stuff happen), this project is really complex and who ever will maintain it in future, they have my full respect and honor. https://pastebin.com/qp71bwDG here is userMenuLeft.html trough which i added new menu item. |
Fighting templating of smarty was not fun, neither i will do it second time. so here another major milestone! https://pastebin.com/Z4Webn83 I have issues, with the way how smarty doing stuff, it just annoying, to fight it , conditional stuff is obvious but understanding how binding works was really , really important . https://pastebin.com/876dqHxF same issues binding its way to complicating, you store state in database get it constantly back and catch the right post , at the moment user can set up 2FA only once, i think its good because if user constantly enabled and disable 2FA this potential can produce performance decrease, sure nobody in mind would make big big youtube clone , but stil consider this user who have security concerns must make sure that his authenticator device is operation if suddenly he loose his device he would not able to login. Somebody else write this future, my major concern usage of 2FA with clipbucket. Summary: binding, binding its one of things which i hate in this project , sure without good template you have obviously not so beautiful website, but i say why limit yourself with somebody understanding of content representation, webcomponents nowadays are way more efficient, hell even VueJS or Angular is better in comparison to smarty. I just saying , if somebody have plans to develop this platform , i think good overall change in design and software architecture should be considered. |
ALTER TABLE voiceOfIRS_users MODIFY user2FAprivatecode VARCHAR(300) NOT NULL; This alteration is needed because i store encrypted 2FA secret code. |
my current composer.json { |
https://pastebin.com/BaUURMwf Well edit_account.html was a mess ,now i finally added the part for 2FA it do what it does , meaning showing all important parts for 2FA activation https://pastebin.com/c9BpNtPh edit_account.php now it have everything what you for 2FA setup ( i plan to move the decryption method near login and it make sense because here i only encrypt the code https://pastebin.com/dRV6DzYD user.class.php just forward data to db class nothing special , merely a design from "legacy" https://pastebin.com/hu6uQRs9 db.class.php i written another db methods to do my data persistence too nothing special about. Now everything in place (except admin management for each of users 2fa ) , i do finally the job for activating 2FA on all login forms admin and user and thats it! The dependency on bacon and otphp hopefully is in terms of the project licensing and the opensource community. Eventually i know how it binds, it make me not feel happier , but 2FA is almost ready now i proceed to work on logins. |
Finally it works! https://pastebin.com/dPud6EAX edit_account.html nothing here changed so far https://pastebin.com/6j3fkcdu db.class.php i have done my best all SQL which executes it acts like measure , if condition not applied no SQL update or insert executed , it is better to be safe then sorry. So this it next last chapter will be 2FA for admin panel and then it will be upto other to write code or fix bugs. |
Finally the completion!https://pastebin.com/QixiG2bW login.php , yes code repeat quick and diry this works, you can refactor of course all to class 2FAAuth or something like that , but for me i just care that it works! Feel free to improve my code make new php class or classes for repeated code, but this project a huge one, some classes have 1000+ lines try to refactor it without breaking something and its really hard!!! Smarty template engine, what a joke, one of the obscures template engine i ever saw! Chapgpt helped me a lot, i can say , the code was not always on point but with 4 or 5 iterations i always got what i expected, it was like a TDD actually really cool you should try it. Whats left?One stuff which i didn't implemented on the admin side to have feature to enable and disable 2FA for any given user, i think its easy fix trough database, real reason, i dont like writing new forms in smarty , i provided enough example code to do it without major pains, but its up to someone else who will work further on this project. 2FA as you read works on both user groups admin and users and its really secure. One last feature which i would like to see in future is hCaptcha on Login (Both admin and user) , but its a plugin, we don't need tight coupling with any external services like hCaptcha. Overall i must say using php is way way easy , then program in Java or God forbids Kotlin or even Scala, real competitor to PHP probably Python, but as JAVA in Enterprise PHP "owns" CMS for small and middle Enterprises systems. |
ALTER TABLE |
Yes i am crazy about security and i am doing it:
First alteration in the main table Yourtableprefix is just placeholder use your prefix if you have one!
CREATE TABLE Yourtableprefix_admin2faconfig (
users2FAstateName VARCHAR(100) NOT NULL,
enabled2fa BOOLEAN DEFAULT FALSE NOT NULL,
PRIMARY KEY (users2FAstateName)
);
INSERT INTO Yourtableprefix_admin2faconfig (users2FAstateName, enabled2fa) VALUES ('Global2FAState', 0);
This trigger will not allow to insert rows, we dont need this , just do update.
DELIMITER //
CREATE TRIGGER InsertionToAdmin2FAConfigDisallow
BEFORE INSERT ON Yourtableprefix_admin2faconfig
FOR EACH ROW
BEGIN
SIGNAL SQLSTATE '45000'
SET MESSAGE_TEXT = 'You cannot insert rows to admin2faconfig table.';
END;
//
DELIMITER ;
ALTER TABLE Yourtableprefix_users
ADD COLUMN user2FAstate BOOLEAN DEFAULT FALSE NOT NULL;
With that you have one table which acts like indicator if 2FA should be "worldwide" enabled or not.
Then there alteration for all users, because each user must be allowed to enable and use 2fa
I will write 2FA activation and authentication for sign in only parts , because i think deactivating 2fA is trivial stuff, and let be honest clipbucket code base not in the best shape or condition , to make fast commits, you need be chatgpt version 10 ;)
Here i post code which allow you to have via admin config panel to enable or disable global 2fa state
[ https://pastebin.com/wVuXmDKW ](main.php from the admin panel)
https://pastebin.com/qWAJUUaJ ** my_queries.class.php oh now , i think when i work with that i lost my mind ;)**
https://pastebin.com/t4KEerZD i got lazy and written special method for only 3 parameters for the update, i like explicit stuff and dislike verbosity and obscure and unclean function calls .
https://pastebin.com/6W9C7Cmt Now i am not a fronted developer, but i am fullstack developer, still this part of code wasn't so hard, but understanding binding without chatgpt would be even for me very hard.
Overall , if somebody love php and try to work on the clipbucket , i think they start to want to program something better pascal or python i dont know.
My motivation to work on this project is really limited on what my client expects from final product.
I even manage to integrate via simple web widget owncast server , its html code which load the broadcasting live , which actually missing in clipbucket.
Don't close this issue i will post further details about developing 2FA
The text was updated successfully, but these errors were encountered: