Add TOTP (i.e. Google Authenticator) 2FA to Logins

Discussion in 'Feature Requests' started by diab, Dec 3, 2022.

  1. diab

    diab New Member

    The recently released ISPConfig version finally supports 2FA (thank you!) but it's limited to e-mail only.
    Would it be possible to add TOTP support (i.e. Google Authenticator)?
    The QR code could be generated in JS client side, similar to https://github.com/lrsjng/kjua
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Feel free to implement it or hire a dev to do so ;) Currently I don't think it will be implemented soon, unless someone sponsors it.
     
  3. diab

    diab New Member

    Hi, thanks for the feedback - I'm actually thinking of implementing it for fun using already existing TOTP/QR libraries (and releasing it for free, you're welcome to integrate it). Would this method work? How about licensing compatibility?

    My theoretical plan is:

    - Use a GPL3 TOTP library that's single class, for example this one here: https://www.idontplaydarts.com/static/ga.php_.txt
    - Add a QR code JS library to make QR generation easier, like this: https://github.com/davidshimjs/qrcodejs - it depends on jQuery but I see that ISPConfig is using it anyway so it's ok. This one is MIT licensed.
    - The DB sys_user table has otp_data / otp_recovery / otp_attempts fields that would work just fine for totp, otp_type had to be altered to include 'totp' in addition to 'none' and 'email'.
    - Patch the admin form to include TOTP configuration + generation, patch login to implement TOTP.

    What do you think? Is this feasible?
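
The login-side check from the plan above, as an added example that is not part of the original post and not ISPConfig code: RFC 6238 TOTP verification in PHP with a constant-time compare and a replay guard. It assumes `otp_data` holds the base32 secret; the function names and the `$lastStep` bookkeeping are hypothetical, and a caller would increment `otp_attempts` whenever `totp_verify()` returns null.

```php
<?php
// Added example, not ISPConfig code. Assumption: sys_user.otp_data stores the
// base32 secret and the last accepted time step is kept next to it.

// Decode RFC 4648 base32 (the encoding authenticator apps use for secrets).
function base32_decode_rfc4648(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $clean = strtoupper(rtrim($b32, '='));
    if ($clean === '') {
        throw new InvalidArgumentException('empty secret');
    }
    $bits = '';
    foreach (str_split($clean) as $ch) {
        $idx = strpos($alphabet, $ch);
        if ($idx === false) {
            throw new InvalidArgumentException('invalid base32 character');
        }
        $bits .= str_pad(decbin($idx), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {          // drop the trailing partial group
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

// HOTP (RFC 4226) over the 30-second step counter: HMAC-SHA1, dynamic truncation.
function totp_code(string $key, int $step, int $digits = 6): string {
    $mac = hash_hmac('sha1', pack('J', $step), $key, true);
    $offset = ord($mac[19]) & 0x0f;
    $bin = unpack('N', substr($mac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string)($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Returns the matched step (store it as the new $lastStep) or null on failure.
// Steps at or below $lastStep are refused, so a captured code cannot be reused.
function totp_verify(string $b32, string $code, int $now, int $lastStep = 0, int $window = 1): ?int {
    $key = base32_decode_rfc4648($b32);
    $current = intdiv($now, 30);
    $matched = null;
    for ($s = $current - $window; $s <= $current + $window; $s++) {
        if ($s > $lastStep && hash_equals(totp_code($key, $s), $code)) {
            $matched = $s;
        }
    }
    return $matched;
}
```

The secret should be generated server-side from a CSPRNG (`random_bytes`) and shown to the user only once, inside the `otpauth://` URI that the QR code encodes.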
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer


    All libraries you use and the code you write must use the BSD license or a compatible license like MIT. For example, you cannot use GPL2 or GPL3 code as this would infect the ISPConfig code to become GPL if we included it.
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Also, I'd recommend opening a merge request immediately so we can see the code and give feedback.
     
  6. diab

    diab New Member

    Thank you both for responding, I will check licensing and open a proper merge request if it works out.
     
  7. helmo

    helmo Member HowtoForge Supporter
