syspass / plugin-authenticator
2FA authentication plugin for sysPass based on TOTP algorithm (RFC 6238)
Home Page: https://syspass.org
License: GNU General Public License v3.0
Hello!
I'm trying to use the authenticator plugin in a docker-compose setup with Syspass 3.1.2. Based on the docker-compose.yml file in the documentation, it looks like this:
```yaml
version: '2'
services:
  app:
    container_name: syspass-app
    image: syspass/syspass:3.1.2
    restart: always
    ports:
      - "80"
      - "443"
    links:
      - db
    volumes:
      - syspass-config:/var/www/html/sysPass/app/config
      - syspass-backup:/var/www/html/sysPass/app/backup
    environment:
      - COMPOSER_EXTENSIONS=syspass/plugin-authenticator:^2.1
  db:
    container_name: syspass-db
    restart: always
    image: mariadb:10.2
    environment:
      - MYSQL_ROOT_PASSWORD=syspass
    ports:
      - "3306"
    volumes:
      - syspass-db:/var/lib/mysql
volumes:
  syspass-config: {}
  syspass-backup: {}
  syspass-db: {}
```
During startup of the syspass-app container, however, I see log messages like these:
syspass-app | setup_composer_extensions: syspass/plugin-authenticator:^2.1
syspass-app | ~ /var/www/html
syspass-app | run_composer: Running composer
syspass-app | ./composer.json has been updated
syspass-app | Loading composer repositories with package information
syspass-app | Updating dependencies
syspass-app | Your requirements could not be resolved to an installable set of packages.
syspass-app |
syspass-app | Problem 1
syspass-app | - The requested package phpseclib/phpseclib (locked at 2.0.21, required as ~2.0.25) is satisfiable by phpseclib/phpseclib[2.0.21] but these conflict with your requirements or minimum-stability.
syspass-app | Problem 2
syspass-app | - The requested package php-di/php-di (locked at 6.0.9, required as ~6.0.11) is satisfiable by php-di/php-di[6.0.9] but these conflict with your requirements or minimum-stability.
syspass-app |
syspass-app | Running update with --no-dev does not mean require-dev is ignored, it just means the packages will not be installed. If dev requirements are blocking the update you have to resolve those problems.
syspass-app |
syspass-app | Installation failed, reverting ./composer.json to its original content.
It seems like the dependencies specified in either composer.json or composer.lock don't agree with each other between the authenticator and Syspass itself?
What's interesting is that if I switch to version 3.1.1 of Syspass (image: syspass/syspass:3.1.1), everything seems to work fine:
syspass-app | setup_composer_extensions: syspass/plugin-authenticator:^2.1
syspass-app | ~ /var/www/html
syspass-app | run_composer: Running composer
syspass-app | ./composer.json has been updated
syspass-app | Loading composer repositories with package information
syspass-app | Updating dependencies
syspass-app | Package operations: 3 installs, 0 updates, 0 removals
syspass-app | - Installing syspass/extension-installer-plugin (dev-master 84775dd): Cloning 84775ddce1 from cache
syspass-app | - Installing bacon/bacon-qr-code (1.0.3): Downloading (100%)
syspass-app | - Installing syspass/plugin-authenticator (v2.1.0): Downloading (100%)
syspass-app | Package jeremeamia/SuperClosure is abandoned, you should avoid using it. Use opis/closure instead.
syspass-app | Writing lock file
syspass-app | Generating optimized autoload files
syspass-app | /var/www/html
Would it be possible to update the authenticator plugin and release a new version that's compatible with the Syspass 3.1.2 release?
Hi,
After the installation of your plugin, the QR code isn't displayed, as in the attached screenshot.
There is no error in the log, and when moving the mouse over the "image" the cursor changes from an arrow to a different one: in my opinion the rendering of the QR code doesn't work.
The syspass-app is the latest 3.2.2.
I added the line
- COMPOSER_EXTENSIONS=syspass/plugin-authenticator:^v2.2
into docker-compose.yml
I found the following lines during the update of the container:
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package jeremeamia/superclosure is abandoned, you should avoid using it. Use opis/closure instead.
Package fzaninotto/faker is abandoned, you should avoid using it. No replacement was suggested.
Package phpunit/dbunit is abandoned, you should avoid using it. No replacement was suggested.
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
Class SP\Tests\SP\Services\UserGroup\UserToUserGroupServiceTest located in ./tests/SP/Services/UserGroup/UserToUserGroupServiceTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Services\UserGroup\UserGroupServiceTest located in ./tests/SP/Services/UserGroup/UserGroupServiceTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Services\User\UserServiceTest located in ./tests/SP/Services/User/UserServiceTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Services\UserProfile\UserProfileServiceTest located in ./tests/SP/Services/UserProfile/UserProfileServiceTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Services\UserPassRecover\UserPassRecoverServiceTest located in ./tests/SP/Services/UserPassRecover/UserPassRecoverServiceTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Repositories\UserToUserGroupRepositoryTest located in ./tests/SP/Repositories/UserToUserGroupRepositoryTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\Repositories\UserGroupRepositoryTestCase located in ./tests/SP/Repositories/UserGroupRepositoryTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Util\UtilTest located in ./tests/SP/Util/UtilTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Core\Acl\AclTest located in ./tests/SP/Core/Acl/AclTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Core\Crypt\SecureKeyCookieTest located in ./tests/SP/Core/Crypt/SecureKeyCookieTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Core\Crypt\HashTest located in ./tests/SP/Core/Crypt/HashTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SP\Tests\SP\Core\Crypt\CryptPKITest located in ./tests/SP/Core/Crypt/CryptPKITest.php does not comply with psr-4 autoloading standard. Skipping.
Hi,
I am using syspass 3.0 with some information as in the picture.
Based on the documentation, plugin-authenticator version 2.1 should be used. But after installing version 2.1 successfully, the server internal error 500 happened,
and I found some HTTP error log entries like this:
Could you please tell me which version should I use for my environment?
Thank you so much,
Br
Hello, can you give me a step-by-step guide to install your plugin, please, for docker-compose 3.1.2?
thanks a lot
Would it be possible to add a policy to force all users or users in a group to use 2FA?
Thanks
I have backed up and restored an existing SysPass to a new instance. 2FA is working on the original instance but on the new instance, when I try to enable 2FA and enter the code, it always comes back with "Wrong Code".
I have tried disabling and re-enabling the plugin, resetting the plugin data and using different auth apps, all with the same result.
No errors in the SysPass.log.
Google Chrome web browser.
Hello team,
I have enabled 2FA and was using it to login to syspass.
However I lost my cell phone and had to reinstall it from backup on a new phone.
When trying to log in to syspass, 2FA gives a "wrong code" error. Since I am the administrator and hence can't log in at the moment, I don't know how to disable 2FA to change/re-enable Google Authenticator.
Can someone please help me disable 2FA within the shell/config file/database etc. to re-scan the QR code? Thank you for your help in advance.
Regards,
Emre.
Installation on last release syspass, php7.1 on centos 7.6
Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.
Package phpunit/dbunit is abandoned, you should avoid using it. No replacement was suggested.
Hi,
Firstly, thanks, Syspass is awesome.
And I have a question:
Do you think it's possible to authenticate with a device like a smartcard?
We use Yubikey in the enterprise, it's secure, but on syspass connected to LDAP we have to use our password. Do you think one day it could be possible to use syspass with a smartcard?
I think it is possible to use a security key by Yubico.
Thanks in advance,
Hello,
I have a problem with Authenticator (in Syspass 3.2, Authenticator 2.2.1).
When I enable Authenticator in Plugins, I see in User preferences only the text "Class 'BaconQrCode\Renderer\Image\Png' not found", nothing else.
When I disable Authenticator in Plugins, it works well and I can set User preferences.
Please, how do I solve this problem?
Thanks
Hey,
I dockerized syspass-app and added the Authenticator plugin. But each time the app says the code is not available. Any idea?
Hello,
We just started with this project and installed a fresh copy of the server with composer. Afterwards we used composer to list the available packages (composer suggest), picked league/oauth2-google, installed the dependencies and everything went fine. We logged in as admin, enabled the plugin, created a test user, connected as the test user, edited the profile to enable 2FA, scanned the QR code and activated it, logged out, tried to log in and got this error:
There was an error
SyntaxError: Unexpected token C in JSON at position 0
Call to undefined method SP\Core\Events\EventMessage::getData()
Do you have any idea ?
Thanks !
I have a problem with the installation of the authenticator plugin
In my docker-compose.yml I've added following lines:
COMPOSER_EXTENSIONS=syspass/plugin-authenticator:^v2.0
When I build the container, I get the following error:
The requested PHP extension ext-xdebug * is missing from your system. Install or enable PHP's xdebug extension.
Do you have a solution for this problem?
Thanks
Updated syspass to the latest release 2.1.12 and also the Authenticator plugin 1.1.0.
I like the feature about getting a temporary code emailed. The issue is that once I log in I want to disable the two-factor authentication, but I get an error saying I need to enter a code. How would I disable the two-factor? Was the plugin supposed to disable the two-factor?
Please advise, thanks!
Hi,
We have an issue: when we try to update any account that already exists and click on the save button, nothing happens.
We have: 2.1 (2.1.16.18061901)
Using One Time Password to login seems mandatory for sufficient security.
But when you have to connect 15 times a day, it's tedious ...
It would be very convenient to be able to authorize the connection without OTP for x minutes or hours after a first connection on the same browser, as can be seen in most web applications that use OTP.
Thank you
Hello,
we've decided to force 2fa for all the syspass users in the company. Some users, however, started complaining that they cannot enable 2fa in the profile settings. They toggle the switch, scan the QR code and write down the verification code. After hitting save, they get the green bar "preferences saved" but 2fa gets immediately disabled again and a new QR code is displayed.
I have tracked the problem down to a DB schema deficiency. The column plugin_data under the table plugins is defined as VARBINARY(5000). Since each user's settings consume about 600B (recovery codes take a lot), after about 8-10 users one hits the column size limit and all successive MySQL save queries start to fail. The problem is even more annoying since, if the query fails, the exception is turned into a false return in savePluginUserData and the user only gets one green bar instead of two (but no error message). So he/she is unaware of the saving problem. The solution at the moment was to update the column definition to VARBINARY(32768), but this is only a short-term solution. As the number of users can grow to hundreds, this storage schema will not scale (since VARBINARY is capped to 65k, I believe).
Sidenote: Why is there a use2fa field under the usrData table which is always set to 0 when there are complete settings under plugins?
Best regards,
David Fabian
I copied the Material Blue theme and changed some css colours, then installed the MFA plugin, but it doesn't work if the copied theme is active.
Hi
After getting sent the recovery code, I'm redirected to:
authenticator/checkCode/undefined
which is a 404 not found...
Please advise
Hello,
since there isn't an option yet to enforce 2FA on users, we thought to enforce it "manually" and check that nobody disables it by raising an alert on our remote syslog at a given event like "user edited the 2FA" or "user removed it".
I know there is an event called "show.userSettings", but that is generated every time a user clicks or edits a generic setting, not only the 2FA.
My question: is there a specific event that tells when a user makes a change in the 2FA?
If not, it would be great if it were implemented in future releases.
Thank you for the hard work on syspass, it's really a great tool 👍
Regards
add support for syspass 3.2 please
Is there any way to redefine the user account when he loses his device that saves the authenticator of Google authenticator?
Hi,
I cannot use the plugin. I hit "aktivate" and syspass answers that it's activated.
But when I hit "show plugin" I get the following error message:
SyntaxError: JSON.parse: unexpected character at line 2 column 1 of JSON data
I use the download from the master-branch.
Here are my version numbers:
sysPass Version
3.1-RC2 (310.19043001)
Config: 310.19043001
App: 310.19043001
DB: 310.19043001
--
Datenbank
SERVER_VERSION : 5.5.60-MariaDB
CLIENT_VERSION : mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $
SERVER_INFO : Uptime: 6499967 Threads: 1 Questions: 794816 Slow queries: 0 Opens: 158 Flush tables: 2 Open tables: 53 Queries per second avg: 0.122
CONNECTION_STATUS : Localhost via UNIX socket
Name: syspass@localhost
--
PHP
Version: 7.3.5
--
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.3.5
Thanks for your help :)
Is this plugin still in development? It seems like it has been abandoned
Hello,
I have just upgraded syspass to the newest version and everything seems to work fine except for the 2fa plugin. After installing the v2 version and enabling it in the admin menu, nobody is able to log in because the 2fa plugin outputs internal error on every log in attempt.
The reason for this is a change in IV processing for existing users/configurations. When the user attempts to verify a PIN, syspass will load the corresponding IV from the DB. In the old version, this raw IV is then encoded using Base2N and then passed to the google authentication. In the new version, the raw IV is sent directly to the google authenticator which raises an exception (Google2FA.php, line 100) since the raw IV contains invalid base32 characters, e.g. 5718d5e75278.....d3dfbdd4c9a.
To fix this, one has to emulate the old behavior and add this to AuthenticatorService.php:
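```php
public static function verifyKey(string $key, string $iv)
{
    // Re-encode the stored IV as Base32, as the old plugin version did
    $base32 = new Base2n(
        5,
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567',
        false,
        true,
        true
    );
    // Keep the first 16 characters as the secret passed to Google2FA
    $iv = substr($base32->encode($iv), 0, 16);

    return Google2FA::verify_key($iv, $key);
}
```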
After this change to verifyKey(), everything starts working.
Best regards,
David Fabian
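The failure and the workaround described in the post above, reproduced in Python rather than the plugin's PHP (an added example, not code from the post or from sysPass). The IV is a constructed hex string, standard RFC 4648 Base32 stands in for the post's Base2n settings, and the one-step verification window is an assumption.

```python
import base64
import hashlib
import hmac
import struct

BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")

# Constructed stand-in for a stored hex IV (not a value from the post).
RAW_IV = "00112233445566778899aabbccddeeff"


def invalid_base32_chars(secret: str) -> list:
    """Characters a Base32 decoder will reject (compared case-insensitively)."""
    return sorted({c for c in secret.upper() if c not in BASE32_ALPHABET})


def legacy_secret_from_iv(iv: str) -> str:
    """Old behaviour per the post: Base32-encode the IV text, keep 16 chars."""
    return base64.b32encode(iv.encode("ascii")).decode("ascii")[:16]


def totp(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). Raises ValueError on a non-Base32 secret."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", at // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_key(secret_b32: str, code: str, at: int,
               window: int = 1, step: int = 30) -> bool:
    """Accept the code for the current step or `window` steps either side.

    The window size is an assumption of this example. A secret that is not
    valid Base32 raises ValueError, so the caller can report it explicitly.
    """
    candidates = [totp(secret_b32, at + d * step, step)
                  for d in range(-window, window + 1)]
    return any(hmac.compare_digest(c, code) for c in candidates)


if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the run is repeatable
    print("rejected characters in raw IV:", invalid_base32_chars(RAW_IV))
    try:
        verify_key(RAW_IV, "000000", now)
    except ValueError as exc:
        print("raw IV used as secret ->", exc)
    secret = legacy_secret_from_iv(RAW_IV)
    code = totp(secret, now)
    print("legacy secret:", secret, "verifies:", verify_key(secret, code, now))
```
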
Combining the newest master branch of nuxsmin/sysPass@a2858ed and sysPass-Plugins 6bc9937 gives me this error:
PHP Warning: require(/var/www/html/syspass/inc/Plugins/LICENSE/LICENSEPlugin.class.php): failed to open stream: No such file or directory in /var/www/html/syspass/inc/SplClassLoader.php
PHP Fatal error: require(): Failed opening required '/var/www/html/syspass/inc/Plugins/LICENSE/LICENSEPlugin.class.php' (include_path='.:/usr/share/php') in /var/www/html/syspass/inc/SplClassLoader.php on line 173
I'm running syspass v3 rc4 without issue without docker, but when I try to add this plugin with composer I get the following issue and syspass breaks until I delete the Authenticator folder in plugins.
https://pastebin.com/raw/Jann1t1D
Is it me doing something wrong?
Hi,
I was trying this out to see how well it would work, running the latest syspass available on docker hub (3.2.11), but it fails due to php being too old:
[Wed Sep 28 04:18:26.470977 2022] [php7:error] [pid 905] [client ] PHP Fatal error: Composer detected issues in your platform: Your Composer dependencies require a PHP version ">= 7.4.0". You are running 7.3.31-1~deb10u1. in /var/www/html/sysPass/vendor/composer/platform_check.php on line 24
Being the type of person I am, I disabled the check and everything works fine, but out of the box it doesn't seem to work currently.
Hello,
the pin input should have autofocus enabled when the 2fa plugin requests a PIN. It is inconvenient to use mouse to focus the field and then start typing. Simply adding the autofocus attribute to the element is enough, I think.
Best regards,
David Fabian
Hi,
Many thanks.
Hello,
I managed to install the plugin in sysPass 3.1, but I can't see how I should configure it.
apt-get install php7.2-xdebug
service apache2 restart
cd /var/www/html/syspass
php composer.phar require syspass/plugin-authenticator:^v2.1
Once installed, I activated it. I understand that some QR code should appear, but I don't know where to look for it. In the user section I don't see any new option.
Can you help me?
Thanks.
Hello.
Tried to install the plugin with php composer.phar require syspass/plugin-authenticator:^v2.1, but got an error:
- The requested package phpseclib/phpseclib (locked at 2.0.21, required as ~2.0.25) is satisfiable by phpseclib/phpseclib[2.0.21] but these conflict with your requirements or minimum-stability.
Problem 2
- The requested package php-di/php-di (locked at 6.0.9, required as ~6.0.11) is satisfiable by php-di/php-di[6.0.9] but these conflict with your requirements or minimum-stability.
Installation failed, reverting ./composer.json to its original content.
Also tried to install with php composer.phar require --no-update syspass/plugin-authenticator, but no plugins appear in the Syspass plugins tab.
What am I doing wrong? Thanks in advance.
It would be useful to be as inclusive as possible in this plugin description.
By indicating only that it works "with Google Authenticator" this may give the impression it only works with GA.
Other applications that this may work with, as I understand it, are KeepassXC, AndOTP, etc.
I would propose "Plugin to add two factor authentication (2FA) support to sysPass login for applications that implement Time-based One-time Password Algorithm (TOTP) as specified in RFC 6238.
This has been tested with AndOTP, KeepassXC, Google Authenticator."
... or similar
Hi,
I tried to install this on the v3 version but it does not work. What I did:
cd /var/www/vhosts/pw.THEDOMAIN.de/app/modules/web/plugins
git clone https://github.com/nuxsmin/sysPass-Plugins.git
cd sysPass-Plugins
mv * ../
cd ..
rm -rf sysPass-Plugins
cd ..
chown -R www-data:www-data plugins
chmod -R 750 plugins
I guess this does not work due to some structural changes, right?
Regards, Mario
I copied the "Authenticator" folder to the "Plugins" folder on the sysPass server however it is still saying that there are no loaded plugins when I look at the "Information" tab in Configuration.
According to your Plugins page (https://doc.syspass.org/en/application/plugins.html), it states that there needs to be a lowercase authenticator.po file but I don't see that in the zip file that I downloaded from Github.
The text field retains the previously used code.
It would probably be better to prevent it.
autocomplete="off" ??
Hi,
I'm trying to install this plugin but it throws an error every time.
```yaml
version: '2'
services:
  app:
    container_name: syspass-app
    image: syspass/syspass:3.2.1
    restart: always
    ports:
      - "8282:80"
      - "8383:443"
    links:
      - db
    volumes:
      - ./data/syspass-config:/var/www/html/sysPass/app/config
      - ./data/syspass-backup:/var/www/html/sysPass/app/backup
    environment:
      - USE_SSL=yes
      - COMPOSER_EXTENSIONS=syspass/plugin-authenticator:^v2.2
  db:
    container_name: syspass-db
    restart: always
    image: mariadb:10.2
    environment:
      - MYSQL_ROOT_PASSWORD=syspass
    ports:
      - "3306"
    volumes:
      - ./data/syspass-db:/var/lib/mysql
```

```
entrypoint: Starting with UID : 9001
setup_app: Setting up permissions
setup_composer_extensions: syspass/plugin-authenticator:^v2.2
~ /var/www/html
run_composer: Running composer
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for syspass/extension-installer-plugin v2.0.0 -> satisfiable by syspass/extension-installer-plugin[v2.0.0].
- syspass/extension-installer-plugin v2.0.0 requires composer-plugin-api ^2.0 -> no matching package found.
Problem 2
- syspass/plugin-authenticator v2.2.0 requires syspass/extension-installer-plugin ^2.0 -> satisfiable by syspass/extension-installer-plugin[v2.0.0].
- syspass/plugin-authenticator v2.2.1 requires syspass/extension-installer-plugin ^2.0 -> satisfiable by syspass/extension-installer-plugin[v2.0.0].
- syspass/extension-installer-plugin v2.0.0 requires composer-plugin-api ^2.0 -> no matching package found.
- Installation request for syspass/plugin-authenticator ^v2.2 -> satisfiable by syspass/plugin-authenticator[v2.2.0, v2.2.1].
Potential causes:
Installation failed, reverting ./composer.json to its original content.
```
Could you help me with this?
Regards,
Hey,
first of all a big thx for this cool tool. I have started playing around and for my small company all features are given.
Just a small enhancement would be a cool new feature: storing OTP passwords in accounts. I would DONATE for this feature ;-)
Thx & regards