- Posts: 409
- Thank you received: 34
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Two-Factor-Authentication is now live
- blocka
- Offline
- Platinum Member
Less
More
4 years 8 months ago #186457
by blocka
Replied by blocka on topic Two-Factor-Authentication is now live
I am indeed a Premium member -- thanks so much, I hadn't even thought to look in the store!
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5070
- Thank you received: 1263
4 years 8 months ago #186462
by jelo
E.g. the LimeStore premium plugin has to be downloaded and installed. ComfortUpdate is not updating the plugin.
The direct URL is this:
account.limesurvey.org/limestore?view=extensiondetails&id=49
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic Two-Factor-Authentication is now live
Is the statement still valid? Part of the Community edition is not the case at the moment.cdorin wrote: The 2FA plugin will be part of the Community Edition in one of the upcoming releases!
E.g. the LimeStore premium plugin has to be downloaded and installed. ComfortUpdate is not updating the plugin.
cdorin wrote: If you have premium, you can find it here: account.limesurvey.org/limestore (the same one we use on our LS instances)
The direct URL is this:
account.limesurvey.org/limestore?view=extensiondetails&id=49
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The following user(s) said Thank You: cdorin
The topic has been locked.
- cdorin
- Topic Author
- Offline
- Elite Member
Less
More
- Posts: 234
- Thank you received: 40
4 years 8 months ago #186507
by cdorin
Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
Replied by cdorin on topic Two-Factor-Authentication is now live
Hey @jelo. Yes, the statement is still valid. We will need to discuss in the near future when it will become part of CE.
And thanks for providing extra clarifications about the usage of the plugin.
And thanks for providing extra clarifications about the usage of the plugin.
Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
The topic has been locked.
- blocka
- Offline
- Platinum Member
Less
More
- Posts: 409
- Thank you received: 34
4 years 8 months ago #186509
by blocka
Replied by blocka on topic Two-Factor-Authentication is now live
The implementation of this plugin is fantastic! I've tested with Google Authenticator only at this point, but if the other methods work as well, it will be super to have this released to CE !
The following user(s) said Thank You: cdorin
The topic has been locked.
- blocka
- Offline
- Platinum Member
Less
More
- Posts: 409
- Thank you received: 34
4 years 8 months ago #186526
by blocka
Replied by blocka on topic Two-Factor-Authentication is now live
I have a suggestion:
I have noted is that if I set Force 2FA to Yes in the plugin settings, then on the login page, I still see "AuthKey (optional)"...
It might make sense to remove the text "(optional)" since if a user has enabled 2FA for their account, this is no longer true and AuthKey is mandatory for them.
Else maybe:
1) have login page show username + password, and then when user clicks on click "Login", check to see if they have 2FA enabled, and if so, display the AuthKey request their code.
2) Or (slicker) after completing and exiting username field, do AJAX call to see if 2FA enabled for that user account, and then reveal password and AuthKey field if required.
I have noted is that if I set Force 2FA to Yes in the plugin settings, then on the login page, I still see "AuthKey (optional)"...
It might make sense to remove the text "(optional)" since if a user has enabled 2FA for their account, this is no longer true and AuthKey is mandatory for them.
Else maybe:
1) have login page show username + password, and then when user clicks on click "Login", check to see if they have 2FA enabled, and if so, display the AuthKey request their code.
2) Or (slicker) after completing and exiting username field, do AJAX call to see if 2FA enabled for that user account, and then reveal password and AuthKey field if required.
The following user(s) said Thank You: cdorin
The topic has been locked.
- markusfluer
- Visitor
4 years 8 months ago - 4 years 8 months ago #186575
by markusfluer
Replied by markusfluer on topic Two-Factor-Authentication is now live
Hey thank you for your review.
I'm the original author of the 2FA plugin.
Of course the (optional) should be removed in case that the 2fa is forced. I will see to make that happen as quickly as possible.
It is quite hard to get the 2-parted authentication smoothly looking via the limesurvey internal login system. We went for a stable and secure integration rather than for something that is visually pleasing in the first draft.
For a second refactoring I will try to add the "second stage" login as you've described here.
I'm the original author of the 2FA plugin.
Of course the (optional) should be removed in case that the 2fa is forced. I will see to make that happen as quickly as possible.
It is quite hard to get the 2-parted authentication smoothly looking via the limesurvey internal login system. We went for a stable and secure integration rather than for something that is visually pleasing in the first draft.
For a second refactoring I will try to add the "second stage" login as you've described here.
Last edit: 4 years 8 months ago by markusfluer.
The topic has been locked.
- blocka
- Offline
- Platinum Member
Less
More
- Posts: 409
- Thank you received: 34
4 years 8 months ago #186738
by blocka
Replied by blocka on topic Two-Factor-Authentication is now live
Thanks for considering the suggestion Markus!
Another thought is it would be more logical (I think) if instead of having the 2-Factor-Settings in the 1st level of the top right menu, it was instead located in the same sub-menu as the My Account and Logout
Another thought is it would be more logical (I think) if instead of having the 2-Factor-Settings in the 1st level of the top right menu, it was instead located in the same sub-menu as the My Account and Logout
The topic has been locked.
- jljansen
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 2
4 years 7 months ago #187634
by jljansen
Replied by jljansen on topic Two-Factor-Authentication is now live
This is great news!
Want on to install the plugin. The plugins show up at the administrator page.
When a normal user wants to set his 2FA the message "You don't have permission to enter this page!" is shown.
Which permissions should a regular user have to view his 2FA page?
Also agree with blocka to locate this button to the sub-menu of the My Account menu
Want on to install the plugin. The plugins show up at the administrator page.
When a normal user wants to set his 2FA the message "You don't have permission to enter this page!" is shown.
Which permissions should a regular user have to view his 2FA page?
Also agree with blocka to locate this button to the sub-menu of the My Account menu
The following user(s) said Thank You: cdorin
The topic has been locked.
- cdorin
- Topic Author
- Offline
- Elite Member
Less
More
- Posts: 234
- Thank you received: 40
4 years 7 months ago #187676
by cdorin
Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
Replied by cdorin on topic Two-Factor-Authentication is now live
Hello jljansen,
If you self-host your instance, please try again the plugin. If you are using our hosting services, please wait for the next update.
Thanks for the report .
If you self-host your instance, please try again the plugin. If you are using our hosting services, please wait for the next update.
Thanks for the report .
Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
The topic has been locked.
- jljansen
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 2
4 years 7 months ago #187736
by jljansen
Replied by jljansen on topic Two-Factor-Authentication is now live
Hi cdorin thank you for looking in to this
I've a self-host instance. Page is now accessible for this user and I can try to connect a 2FA. Response (directCallConfirmKey) unfortunately is
For the admin user there is no problem with permissions but with
Tried both Google authenticator and Authy with the same results.
How can I best help troubleshoot this situation?
I've a self-host instance. Page is now accessible for this user and I can try to connect a 2FA. Response (directCallConfirmKey) unfortunately is
Code:
{"success":false,"message":"No permission for this","data":[]}
For the admin user there is no problem with permissions but with
Code:
{"success":false,"message":"The confirmation key is not correct.","data":[]}
Tried both Google authenticator and Authy with the same results.
How can I best help troubleshoot this situation?
The following user(s) said Thank You: cdorin
The topic has been locked.
- cdorin
- Topic Author
- Offline
- Elite Member
Less
More
- Posts: 234
- Thank you received: 40
4 years 7 months ago #187762
by cdorin
Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
Replied by cdorin on topic Two-Factor-Authentication is now live
Thanks for the feedback. The developer knows about it. We will soon provide another update.
Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
The topic has been locked.
- PPRI
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
4 years 6 months ago - 4 years 6 months ago #188693
by PPRI
Replied by PPRI on topic Two-Factor-Authentication is now live
Hi. Markus. Nice to meet you in here. I am Young from PPRI.
I tried Limesurvey Professioanl(Hosted Service) and 2FA is working fine in there. I also have a CE Version 3.17.16+190906. I downloaed and installed the plug-in but it's not working.
I clicked 'Create 2FA Binding' after typing in the confirmation Key but nothing happen with both Google Authenticator and Duo.
Any suggestion?
I tried Limesurvey Professioanl(Hosted Service) and 2FA is working fine in there. I also have a CE Version 3.17.16+190906. I downloaed and installed the plug-in but it's not working.
I clicked 'Create 2FA Binding' after typing in the confirmation Key but nothing happen with both Google Authenticator and Duo.
Any suggestion?
Last edit: 4 years 6 months ago by PPRI.
The topic has been locked.