2 step authentication

I’m relatively new so I want to apologize ahead of time if this is in the wrong forum channel.

I’m looking into adding 2 step authentication to my app.

Some slick executions of this I’ve seen include sending a one time email code or using something like Google Authenticator or Authy.

On the surface, I think it would be simplest to generate a one time key upon initial login, save to DB and set an expiration on it (now +1 hour for example), email it to the user and only allow the user to proceed into the app if the key they entered matches the generated key.

I would love to hear any insight into whether anyone has done any sort of 2 step authentication and whether there is a preferred/recommended Wappler method.

1 Like

Yes, the emailed code which expires after an hour would be the easiest to implement. I would add two fields to the user table - one for the code and one for the expiry date/time. Then check their input against both.

I reckon (I’ve not actively looked) there’s a script which can do the 6-digit authenticator codes as it’s done in lots of sites so maybe this is something that could be added to the Security Provider actions as part of Wappler?

1 Like
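The e-mailed one-time code flow discussed above, as an added PHP example (not code from Wappler or from anyone in this thread). The `$user` array stands in for one row of the user table, the field and function names are hypothetical, and the `otp_attempts` counter and the keyed hash go beyond the two fields suggested in the post.

```php
<?php
// Added example, not Wappler or thread code. $user stands in for one user row:
// otp_hash / otp_expires are the two suggested fields, otp_attempts is an
// extra column assumed here to cap guessing of a 6-digit code.
const OTP_TTL = 3600;           // one hour, as in the thread
const OTP_MAX_ATTEMPTS = 5;     // assumed limit
const OTP_PEPPER = 'replace-with-server-side-secret'; // placeholder key

function otpDigest(string $code): string
{
    // Keyed hash, so a leaked user table does not reveal live codes.
    return hash_hmac('sha256', $code, OTP_PEPPER);
}

function issueLoginCode(array &$user, int $now): string
{
    // random_int() uses the OS CSPRNG; rand()/mt_rand() are predictable.
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $user['otp_hash'] = otpDigest($code);
    $user['otp_expires'] = $now + OTP_TTL;
    $user['otp_attempts'] = 0;
    return $code; // e-mail this value; never store or log it in clear
}

function verifyLoginCode(array &$user, string $input, int $now): bool
{
    if (empty($user['otp_hash']) || $now >= $user['otp_expires']
        || $user['otp_attempts'] >= OTP_MAX_ATTEMPTS) {
        $user['otp_hash'] = null; // expired or exhausted: a new code is needed
        return false;
    }
    $user['otp_attempts']++;
    // hash_equals() compares in constant time.
    $ok = hash_equals($user['otp_hash'], otpDigest(trim($input)));
    if ($ok) {
        $user['otp_hash'] = null; // single use: a replayed code must fail
    }
    return $ok;
}

// Constructed walk-through with a fixed clock instead of time().
$user = ['email' => 'user@example.test'];
$code = issueLoginCode($user, 1000);
var_dump(verifyLoginCode($user, '000000x', 1001)); // wrong input
var_dump(verifyLoginCode($user, $code, 1002));     // correct, within the hour
var_dump(verifyLoginCode($user, $code, 1003));     // replay after success
$late = issueLoginCode($user, 2000);
var_dump(verifyLoginCode($user, $late, 2000 + OTP_TTL)); // past expiry
```

In a real login flow the session should only be marked as fully authenticated after `verifyLoginCode()` returns true, so the password step alone never grants access to the app.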

Good stuff. Thanks @sitestreet!

2 Likes

Google Authenticator / Authy 2FA wasn’t so hard to implement on top of Wappler security provider.
It took me two days without prior knowledge.
I used this library to fasten the implementation:

2 Likes

Thanks @jeoff75, that’s just what I was thinking of. It would be excellent if this could be made part of the Security Provider in Wappler.

1 Like

I finally pushed it to a public git here if you want to have a look:
https://bitbucket.org/jeoff75/wapplerloginboilerplate/

More details:

5 Likes

Thanks for that @jeoff75!

I’ve created a Feature Request for 2FA… please give it your vote!

1 Like

@Antony You have my vote

1 Like

Hi @jeoff75,

That is so awesome for you to share this git with us! After some fiddling around with getting your git running in Wappler with Docker (this is the only way I know how to work with Wappler, so far), I did actually manage to register an Authy app for my localhost application. That’s great, thanks!

(btw, for other people that want to try this: you need to change the name of the sql file to db_save.sql and put it in your db_init folder, according to this thread: "Clone (update latest changes) in new remote DB in DB Manager on new remote Docker". Also I changed all the database connections to db, default name for database with wappler/docker and changed the api actions to http://localhost instead of https)

However, on login with the authy app, I’m still running into issues. It does check if the token is correct. So I do get a message if, for instance, I do a typo. On a correct token it throws an error (my email address is replaced by EMAIL for spam protection).

The error is by the file login_2FA-step.php

{code: 0, file: "/var/www/html/dmxConnectLib/lib/db/SqlBuilder.php", line: 26,…}
code: 0
file: "/var/www/html/dmxConnectLib/lib/db/SqlBuilder.php"
line: 26
message: "Argument 2 passed to lib\db\SqlBuilder::__construct() must be an instance of lib\db\Connection, null given, called in /var/www/html/dmxConnectLib/lib/auth/DatabaseProvider.php on line 23"
trace: "#0 /var/www/html/dmxConnectLib/lib/auth/DatabaseProvider.php(23): lib\db\SqlBuilder->__construct(Object(lib\App), NULL)\n#1 /var/www/html/dmxConnectLib/lib/auth/Provider.php(113): lib\auth\DatabaseProvider->validate('EMAIL', '587b8794180dee0…')\n#2 /var/www/html/dmxConnectLib/modules/auth.php(44): lib\auth\Provider->login('EMAIL', '587b8794180dee0…', false)\n#3 /var/www/html/dmxConnectLib/lib/App.php(173): modules\auth->login(Object(stdClass), 'identity_copy')\n#4 /var/www/html/dmxConnectLib/lib/App.php(137): lib\App->execSteps(Object(stdClass))\n#5 /var/www/html/dmxConnectLib/lib/App.php(107): lib\App->execSteps(Array)\n#6 /var/www/html/dmxConnectLib/modules/core.php(90): lib\App->exec(Object(stdClass), true)\n#7 /var/www/html/dmxConnectLib/lib/App.php(173): modules\core->condition(Object(stdClass), '')\n#8 /var/www/html/dmxConnectLib/lib/App.php(137): lib\App->execSteps(Object(stdClass))\n#9 /var/www/html/dmxConnectLib/lib/App.php(107): lib\App->execSteps(Array)\n#10 /var/www/html/dmxConnectLib/lib/App.php(72): lib\App->exec(Object(stdClass))\n#11 /var/www/html/dmxConnect/api/security/login_2FA_step.php(8): lib\App->define(Object(stdClass))\n#12 {main}"

Could this be caused by the fact that I run this on a non-secure localhost (so not https)?

Any advice is highly appreciated.

Also, if I do find answers I’ll be sure to share it here.

Thanks!

According to your trace…
You should get more context looking at line 8 of that file /var/www/html/dmxConnect/api/security/login_2FA_step.php

If you don’t know where to start, I’d edit that php file and dump the variables at that portion of the code into a log file. It would give you a better understanding of what is happening.

Unfortunately, debugging has never been one of Wappler’s strengths.