[#30522] - [4.1] Extend 2FA Enforcement option to select usergroups
- Fixed in Code Base
- 22 Sep 2020
- Medium
- Build: 4.1-dev
- # 30522
- Diff
- zero-24:force2fausergroup
User tests: Successful: Unsuccessful:
Pull Request for Issue #29321 cc @conconnl
Summary of Changes
Extend 2FA Enforcement option to select usergroups
Testing Instructions
- Apply this patch
- enable atleast one 2fa plugin
- go to
Users->Manage->Options - Set
Enforce Two Factor Authenticationto both - Add an usergroup (Superuser for example)
- save and close the settings
- you are now beeing forced to setup 2fa
- login as an non-superuser
- you are not forced to setup 2fa
Actual result BEFORE applying this Pull Request
You could not force 2fa to a specific usergroup
Expected result AFTER applying this Pull Request
You can now force 2fa to a specific usergroup
Documentation Changes Required
Additional option has to be documented.
Backports
That feature has been backported to 3.9+ here: https://github.com/zero-24/plg_system_force2fausergroup/releases/latest
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration com_users Language & Strings Libraries |
Thinking out aloud here but shouldnt it be a minimum usergroup. IT wouldnt make sense to force 2fa on a manager but not on an administrator
I get your point but i'm not sure whether we should implement such hierachie reading given that on bigger sites this could get quite complex. And that would lock every site owner to that rule without (for whatever reason) exception.
There might be someone above Administrator in the Hierarchie but they are not allowed to do com_users so they choose to not force 2fa to them but all other groups above Administrator should be forced to setup 2fa.
With the solution provided here both is possible with us writing non complex code and it is transparent to the site admin which group is forced to setup 2fa
I have tested this item
Works as expected.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30522.
I have tested this item
It works as expected.
- Force "both" without groups selected, force it for everybody.
- "Frontend" or "Backend" the same for either side.
- Selecting user groups makes the enforcement only active on those groups.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30522.
| Status | Pending | ⇒ | Ready to Commit |
RTC Thanks!
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30522.
| Labels |
Added:
?
?
?
|
||
Restartet drone
Drone seems to be a more general problem with the 4.1 branch: https://ci.joomla.org/joomla/joomla-cms/35141/1/8 unrealted to this PR for sure.
I just merged 4.0-dev into 4.1-dev. can you merge in latest 4.1-dev here and see if it fixes the issue please?
PR has been updated.
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-09-22 17:51:12 |
| Closed_By | ⇒ | wilsonge |
Thanks!
Drone fails unrealted to the changes done here. It seems 4.1 composer stuff is broken: https://ci.joomla.org/joomla/joomla-cms/35096/1/8