What does 'administrator password' mean to you?

I'm not sure what you're referring to.

-Jim

On Friday, September 1, 2023 at 9:53:43 AM UTC-5 Ramos wrote:

> Hello Jim,
> this line of code
> auth.settings.auth_two_factor_enabled = True
> does not protect the administrator password. Only created users.
> That is my question, how to force administrator to use 2fa?
> regards
> António
>
> On Fri, Sep 1, 2023 at 15:00, Jim S <ato....@gmail.com> wrote:
>
>> Here is the code I wrote that only enforced 2fa for users outside our 
>> local networks.
>>
>> There is some commented-out code there that additionally allowed me to 
>> specify users in a group so only that group was forced to 2fa
>>
>> def _two_factor_required(auth_user):
>>     """
>>     check whether we need to enforce MFA on this login
>>
>>     We enforce MFA only on logins external to our network.
>>
>>     Returns
>>     -------
>>     bool - enforce MFA
>>         - True means this login requires MFA
>>         - False means we will not enforce MFA for this login
>>     """
>>     import datetime
>>     import ipaddress
>>
>>     return False  #  temp use to disable mfa
>>
>>     #  default to requiring MFA unless an exemption below applies
>>     return_value = True
>>
>>     if len(request.args) > 0 and request.args[0] == "login":
>>         if auth_user.mfa_override and datetime.datetime.now() <= auth_user.mfa_override:
>>             #  no mfa required if the user override is set - we added a
>>             #  field in auth_user to allow us to override if a user was
>>             #  having trouble or lost their phone or something
>>             return False
>>
>>         qlf_networks = [
>>             "9.9.9.9/22",
>>             "9.9.9.0/24",
>>             "9.9.9.101/24",
>>         ]
>>
>>         #  strict=False because some entries have host bits set; test
>>         #  membership per network instead of expanding every address
>>         client_ip = ipaddress.IPv4Address(str(request.client))
>>         local_networks = [
>>             ipaddress.IPv4Network(cidr, strict=False) for cidr in qlf_networks
>>         ]
>>
>>         if any(client_ip in network for network in local_networks):
>>             #  if the client address is in the local address list, then
>>             #  do NOT require MFA so set to False
>>             return_value = False
>>
>>         #  build the MFA Required group members
>>         # if return_value:
>>         #     print(datetime.datetime.now())
>>         #     ag = db(db.auth_group.role == "MFA Required (web2py)").select().first()
>>         #     if not ag:
>>         #         ag = db.auth_group.insert("MFA Required (web2py)")
>>         #     for ou in db(
>>         #         (db.auth_user.active == True)
>>         #         | (
>>         #             (db.auth_user.mfa_override == None)
>>         #             & (db.auth_user.mfa_override <= datetime.datetime.now())
>>         #         )
>>         #     ).select():
>>         #         db.auth_membership.update_or_insert(user_id=ou.id, group_id=ag)
>>         #
>>         #     #  clear out any members that are currently exempt from MFA
>>         #     if ag:
>>         #         for exempt_user in db(
>>         #             (db.auth_user.mfa_override >= datetime.datetime.now())
>>         #             & (db.auth_user.active == True)
>>         #         ).select():
>>         #             db(
>>         #                 (db.auth_membership.group_id == ag.id)
>>         #                 & (db.auth_membership.user_id == exempt_user.id)
>>         #             ).delete()
>>         #     db.commit()
>>         #
>>         #     print(datetime.datetime.now())
>>         #
>>         #     #  set to False to force web2py to check the
>>         #     #  two_factor_authentication group
>>         #     return_value = False
>>
>>     return return_value
>>
>> That code is in db.py
>>
>> Then....
>>
>> auth.settings.auth_two_factor_enabled = lambda user: _two_factor_required(user)
>> auth.messages.two_factor_comment = "QLF MFA - you have been sent a code"
>> auth.settings.two_factor_methods = [
>>     lambda user, auth_two_factor: _send_sms(user, auth_two_factor)
>> ]
>>
>> My _send_sms code built an SMS and sent it via Twilio or RingCentral
>>
>> I wrote this code, but then we ended up not implementing.  The web2py 
>> code is going away for us.  All the same concepts work in py4web (nudge 
>> wink wink)
>>
>> -Jim
>>
>>
>>
>> On Friday, September 1, 2023 at 5:24:53 AM UTC-5 Ramos wrote:
>>
>>> Can anyone help me?
>>>
>>> On Wed, Aug 30, 2023 at 10:14, António Ramos <ramst...@gmail.com> 
>>> wrote:
>>>
>>>> In other words, how do I protect the administrator password? It does 
>>>> not have a username, just a password. This is scary :)
>>>>
>>>>
>>>> On Tue, Aug 29, 2023 at 19:44, António Ramos <ramst...@gmail.com> 
>>>> wrote:
>>>>
>>>>> But that is for everyone, I just want to start with users with admin 
>>>>> powers 
>>>>>
>>>>> Clemens <clemens....@claret-clover.de> wrote on Tue, 29/08/2023 
>>>>> at 18:25:
>>>>>
>>>>>> Try enabling 2FA via the following setting, since this is for all 
>>>>>> users:
>>>>>> auth.settings.auth_two_factor_enabled = True
>>>>>>
>>>>>> Regards
>>>>>> Clemens
>>>>>>
>>>>>> On Tuesday, August 29, 2023 at 6:09:26 PM UTC+2 Ramos wrote:
>>>>>>
>>>>>>> I just activated the two step auth with this 
>>>>>>>
>>>>>>> auth.settings.two_factor_authentication_group = "auth2step"
>>>>>>>
>>>>>>>
>>>>>>> but now how do I include the administrator user?
>>>>>>>
>>>>>>> regards
>>>>>>> António
>>>>>>>
>>>>>> -- 
>>>>>> Resources:
>>>>>> - http://web2py.com
>>>>>> - http://web2py.com/book (Documentation)
>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>> --- 
>>>>>> You received this message because you are subscribed to the Google 
>>>>>> Groups "web2py-users" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>> send an email to web2py+un...@googlegroups.com.
>>>>>> To view this discussion on the web visit 
>>>>>> https://groups.google.com/d/msgid/web2py/5fe99103-1d14-4b91-80eb-194402c08453n%40googlegroups.com
>>>>>>  
>>>>>> <https://groups.google.com/d/msgid/web2py/5fe99103-1d14-4b91-80eb-194402c08453n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>
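
An added example, not code from the thread or from web2py: a standalone version of the network-based MFA decision described in the quoted message, written to fail closed so that an address that cannot be parsed still requires the second factor. The names `mfa_required` and `parse_networks` and the sample ranges are assumptions; in web2py the address would be `request.client` and the result would be what the `auth_two_factor_enabled` callable returns.

```python
import datetime
import ipaddress

# Constructed sample ranges, not the networks from the thread.
TRUSTED_NETWORKS = ["10.20.0.0/22", "192.168.50.101/24"]


def parse_networks(cidrs):
    """Parse CIDR strings once; strict=False accepts entries with host bits set."""
    return [ipaddress.ip_network(cidr, strict=False) for cidr in cidrs]


def mfa_required(client_ip, networks, override_until=None, now=None):
    """Return True when this login must complete a second factor.

    Fails closed: anything that cannot be shown to be internal requires MFA.
    """
    now = now or datetime.datetime.now()
    # A per-user override only counts while it has not yet expired.
    if override_until is not None and now <= override_until:
        return False
    try:
        addr = ipaddress.ip_address(client_ip)
    except (ValueError, TypeError):
        return True  # missing or malformed address: require MFA
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Membership test per network; no need to enumerate every host address.
    internal = any(
        addr.version == net.version and addr in net for net in networks
    )
    return not internal
```

The exemption is only as trustworthy as the client address: if that value can come from a proxy-supplied header such as X-Forwarded-For, accept it only from a proxy you control.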
