Add some minimal MFA stuff as a proof of concept #5

charsbar · 2023-04-28T14:41:39Z

This PR is only to show a proof of concept of andk#292 . No intention of merging this year. Nor feature complete.

Some of the known TODOs are:

decide how to provide/store/accept recovery codes
action override; provide a way for pause admins to disable mfa for someone else (without submitting any validation code)
mail content
nice description / usage text
testing (manually, with and without mfa)
decide how to communicate with cpan clients (mfa_code field should be ok?)
decide where to add mfa stuff (currently only edit_cred, but upload, change password, and permission stuff should be some of the candidates)
update the MFA page properly after enabling/disabling

See andk#388 for basic usage of docker compose.

charsbar · 2023-04-28T14:51:50Z

If MFA doesn't work well after restarting servers etc...

stop docker-compose, run docker system prune, and then start docker-compose again
remove the stored url (via QR code) from your smartphone

Add some minimal MFA stuff as a proof of concept

ded8445

charsbar marked this pull request as draft April 28, 2023 14:41

charsbar closed this Apr 21, 2024

charsbar deleted the poc/mfa branch April 21, 2024 02:02

charsbar mentioned this pull request Apr 26, 2024

Add MFA protection to several pages of the PAUSE andk/pause#455

Draft

Provide feedback