2FA/OTP Config
The 2FA/OTP Config Module
The user_2fa_otp_config
module provides opt-in, configuration, and viewing of Two-Factor Authentication via One-Time-Password (2FA/OTP) settings. In order to allow users access to 2FA/OTP, the system must be properly configured. See Security for more information.
By default, the 2FA/OTP configuration menu may only be accessed by users connected securely (ACS
SC
). It is highly recommended to leave this default as accessing these settings over a plain-text connection could expose private secrets!
Configuration
Config Block
Available config
block entries:
-
infoText
: Overrides default informational text string(s). See Info Text below. -
statusText:
Overrides default status text string(s). See Status Text below.
Example:
config: {
infoText: {
googleAuth: Google Authenticator available on mobile phones, etc.
}
statusText: {
saveError: Doh! Failed to save :(
}
}
Info Text (infoText)
Overrides default informational text relative to current selections. Available keys:
-
disabled
: Displayed when OTP switched to enabled. -
enabled
: Displayed when OTP switched to disabled. -
rfc6238_TOTP
: Describes TOTP. -
rfc4266_HOTP
: Describes HOTP. -
googleAuth
: Describes Google Authenticator OTP.
Status Text (statusText)
Overrides default status text for various conditions. Available keys:
otpNotEnabled
noBackupCodes
saveDisabled
saveEmailSent
saveError
qrNotAvail
emailRequired
Theming
The following MCI codes are available:
- MCI 1: (ie:
TM1
): Toggle 2FA/OTP enabled/disabled. - MCI 2: (ie:
SM2
): 2FA/OTP type selection. - MCI 3: (ie:
TM3
): Submit/cancel toggle. - MCI 10…99: Custom entries with the following format members available:
-
{infoText}
: Info Text for current selection.
-
Web and Email Templates
A template system is also available to customize registration emails and the landing page.
Emails
Multipart MIME emails are send built using template files pointed to by users.twoFactorAuth.otp.registerEmailText
and users.toFactorAuth.otp.registerEmailHtml
supporting the following variables:
-
%BOARDNAME%
: BBS name. -
%USERNAME%
: Username receiving email. -
%TOKEN%
: Temporary registration token generally used in URL. -
%REGISTER_URL%
: Full registration URL.
Landing Page
The landing page template is pointed to by users.twoFactorAuth.otp.registerPageTemplate
and supports the following variables:
-
%BOARDNAME%
: BBS name. -
%USERNAME%
: Username receiving email. -
%TOKEN%
: Temporary registration token generally used in URL. -
%OTP_TYPE%
: OTP type such asgoogleAuth
. -
%POST_URL%
: URL to POST form to. -
%QR_IMG_DATA%
: QR code in URL image data format. Not always available depending on OTP type and will be set to blank in these cases. -
%SECRET%
: Secret for manual entry.