
🔒 feat: Two-Factor Authentication with Backup Codes & QR support #5685

Merged
merged 54 commits into from
Feb 18, 2025

Conversation

rubentalstra
Collaborator

@rubentalstra rubentalstra commented Feb 6, 2025

Summary

Closes: #5681

This PR introduces two-factor authentication (2FA) functionality to the application. The changes include:

  • Backend Enhancements:

    • Added a new TOTP service for generating TOTP secrets and codes using Base32 encoding.
    • Implemented controllers for 2FA enabling, verification (both via TOTP code and backup codes), confirmation, disabling, and backup code regeneration.
    • Extended the user schema to store TOTP-related fields such as totpEnabled, totpSecret, and backupCodes.
    • Created a temporary 2FA token using JWT to handle 2FA during login.
    • Updated the authentication flow in the login controller to handle 2FA pending states.
  • Frontend Enhancements:

    • Developed a new TwoFactorScreen component to handle 2FA verification during login.
    • Integrated 2FA settings into the Account settings UI, including a QR code display for scanning and backup code download functionality.
    • Updated routing and localization files to support the new 2FA endpoints and UI messages.
    • Enhanced the React Query data-provider with new endpoints and mutations for 2FA actions.
  • General:

    • Updated package dependencies (e.g., added passport-totp) and adjusted API endpoints accordingly.
    • Added tests (or prepared the code for local unit testing) ensuring the new 2FA functionality works as expected.
  • Status: Ready for review.

Change Type

  • New feature (non-breaking change which adds functionality)

Testing

///

Checklist

  • My code adheres to this project's style guidelines.
  • I have performed a self-review of my own code.
  • I have commented in any complex areas of my code.
  • I have made pertinent documentation changes.
  • My changes do not introduce new warnings.
  • I have written tests demonstrating that my changes are effective or that my feature works.
  • Local unit tests pass with my changes.
  • Any changes dependent on mine have been merged and published in downstream modules.
  • A pull request for updating the documentation has been submitted.

@berry-13 berry-13 marked this pull request as draft February 6, 2025 15:26
@rubentalstra
Collaborator Author

rubentalstra commented Feb 6, 2025

  • better error handling
  • add option to refresh backup codes
  • add option to disable 2FA with backup codes
  • (optional) maybe show the user which backup codes have already been used?
  • 2FA only an option when the user provider is local @berry-13

rubentalstra and others added 12 commits February 7, 2025 23:21
…pport (#5684)

* working version for generating TOTP and authenticate.

* better looking UI

* refactored + better TOTP logic

* fixed issue with UI

* fixed issue: remove initial setup when closing window before completion.

* added: onKeyDown for verify and disable

* refactored some code and cleaned it up a bit.

* refactored some code and cleaned it up a bit.

* refactored some code and cleaned it up a bit.

* refactored some code and cleaned it up a bit.

* fixed issue after updating to new main branch

* updated example
@rubentalstra rubentalstra added the ✨ enhancement New feature or request label Feb 8, 2025
@rubentalstra
Collaborator Author

@berry-13 it’s now your turn to do your magic. After Berry is done with the UI it’s ready for Merge.

Repository owner deleted a comment from github-actions bot Feb 12, 2025
@rubentalstra
Collaborator Author

@danny-avila conflicts have been resolved. It's ready!

@danny-avila
Owner

Please see my review comments and unmark as draft when complete. Thank you for your work on this, excited to use it.

@danny-avila danny-avila marked this pull request as draft February 17, 2025 16:21
@berry-13 berry-13 changed the title 🔒feat: add Two-Factor Authentication (2FA) with backup codes & QR support 🔒 feat: add Two-Factor Authentication (2FA) with backup codes & QR support Feb 17, 2025
@rubentalstra rubentalstra marked this pull request as ready for review February 17, 2025 20:19
},
backupCodes: {
type: [backupCodeSchema],
default: [],
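Review bot: the `default: []` on `backupCodes` is redundant with Mongoose's built-in behaviour, since array paths such as `type: [backupCodeSchema]` are initialised to an empty array when no value is set; dropping the `default` line leaves `user.backupCodes` as `[]` for users who never enabled 2FA, so the login controller's "has backup codes" check keeps working unchanged.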
Owner

can we remove the default?

Collaborator Author

No, we cannot. This is used to check whether the user has backupCodes or not. I'm sorry. It's part of the login controller logic as well.

Owner

It can be removed, I'll do it

Collaborator Author

I know I wrote it to you 😀. Thank you.

@danny-avila danny-avila marked this pull request as draft February 17, 2025 20:55
@rubentalstra rubentalstra marked this pull request as ready for review February 17, 2025 21:44
},
backupCodes: {
type: [backupCodeSchema],
default: [],
Owner

It can be removed, I'll do it

@danny-avila danny-avila changed the title 🔒 feat: add Two-Factor Authentication (2FA) with backup codes & QR support 🔒 feat: Two-Factor Authentication with Backup Codes & QR support Feb 18, 2025
@danny-avila danny-avila merged commit f0f0913 into main Feb 18, 2025
7 checks passed
@danny-avila danny-avila deleted the feat/2fa branch February 18, 2025 00:09
Labels
✨ enhancement New feature or request

Successfully merging this pull request may close these issues.

Enhancement: Implement 2FA
3 participants