Add two factor authentication #106
base: master
Conversation
Hi there, I rebased this PR, squashed its commits and refactored around a little bit. Since this is taking me longer than I wanted to, I've uploaded what I've got on the
Anyway, if you want to take care of those two things on top of the 2fa branch, that would be great.
Hi @marado Regarding the backup code, I actually thought about that while I was pushing and considered leaving it to a later stage, but this time is as good as any later one =) I will change the code to store the hash instead of the code, as the backup code doesn't need to be retrieved at any time after it has been generated. However, the secret key does need to be retrieved for the token verification process, making hashing out of the question. I would approach this by generating a uid or talker password stored in the talker.db to symmetrically encrypt/decrypt the 2FA secret key (and any other relevant information we might consider worth the process). I would prefer something unique to the environment instead of the installation, but this will facilitate disaster recovery and service migration to another machine. An alternative could be to use a file as a key for the encryption/decryption process (which could be local or retrieved from a URL; the hash of the file would be used as the key).
The encryption key could also come from an environment variable.
Replaced speakeasy library by otpauth for 2FA