What does 'administrator password' mean to you? I'm not sure what you're referring to
-Jim

On Friday, September 1, 2023 at 9:53:43 AM UTC-5 Ramos wrote:

> Hello Jim
> this line of code
> *auth.settings.auth_two_factor_enabled = True*
> *does not protect the administrator password. Only created users.*
> *That is my question, how to force administrator to use 2fa ?*
> *regards*
> *António*
>
> On Fri, Sep 1, 2023 at 15:00, Jim S <ato....@gmail.com> wrote:
>
>> Here is the code I wrote that only enforced 2fa for users outside our
>> local networks.
>>
>> There is some commented out code there that additionally allowed me to
>> specify users in a group so only that group was forced to 2fa
>>
>> def _two_factor_required(auth_user):
>>     """
>>     check whether we need to enforce MFA on this login
>>
>>     We enforce MFA only on logins external to our network.
>>
>>     Returns
>>     -------
>>     bool - enforce MFA
>>         - True means this login requires MFA
>>         - False means we will not enforce MFA for this login
>>     """
>>     import ipaddress
>>
>>     return False  # temp use to disable mfa
>>
>>     if len(request.args) > 0 and request.args[0] == "login":
>>         if auth_user.mfa_override and datetime.datetime.now() <= auth_user.mfa_override:
>>             # no mfa required if the user override is set - we added a
>>             # field in auth_user to allow us to override if a user was
>>             # having trouble or lost their phone or something
>>             return False
>>
>>         # default: require MFA unless the client is on a local network
>>         return_value = True
>>
>>         qlf_networks = [
>>             "9.9.9.9/22",
>>             "9.9.9.0/24",
>>             "9.9.9.101/24",
>>         ]
>>
>>         ip_list = []
>>         for range in qlf_networks:
>>             # strict=False: these entries have host bits set, which
>>             # IPv4Network rejects with ValueError by default
>>             ip_list.extend(ipaddress.IPv4Network(unicode(range), strict=False))
>>
>>         if ipaddress.IPv4Address(unicode(request.client)) in ip_list:
>>             # if the client address is in the local address list, then
>>             # do NOT require MFA so set to False
>>             return_value = False
>>
>>         # build the MFA Required group members
>>         # if return_value:
>>         #     print(datetime.datetime.now())
>>         #     ag = db(db.auth_group.role == "MFA Required (web2py)").select().first()
>>         #     if not ag:
>>         #         ag = db.auth_group.insert("MFA Required (web2py)")
>>         #     for ou in db(
>>         #         (db.auth_user.active == True)
>>         #         | (
>>         #             (db.auth_user.mfa_override == None)
>>         #             & (db.auth_user.mfa_override <= datetime.datetime.now())
>>         #         )
>>         #     ).select():
>>         #         db.auth_membership.update_or_insert(user_id=ou.id, group_id=ag)
>>         #
>>         #     # clear out any members that are currently exempt from MFA
>>         #     if ag:
>>         #         for exempt_user in db(
>>         #             (db.auth_user.mfa_override >= datetime.datetime.now())
>>         #             & (db.auth_user.active == True)
>>         #         ).select():
>>         #             db(
>>         #                 (db.auth_membership.group_id == ag.id)
>>         #                 & (db.auth_membership.user_id == exempt_user.id)
>>         #             ).delete()
>>         #     db.commit()
>>         #
>>         #     print(datetime.datetime.now())
>>         #
>>         #     # set to False to force web2py to check the two_factor_authentication group
>>         #     return_value = False
>>
>>         return return_value
>>
>> That code is in db.py
>>
>> Then....
>>
>> auth.settings.auth_two_factor_enabled = lambda user: _two_factor_required(user)
>> auth.messages.two_factor_comment = "QLF MFA - you have been sent a code"
>> auth.settings.two_factor_methods = [
>>     lambda user, auth_two_factor: _send_sms(user, auth_two_factor)
>> ]
>>
>> My _send_sms code built an SMS and sent it via Twilio or RingCentral
>>
>> I wrote this code, but then we ended up not implementing. The web2py
>> code is going away for us. All the same concepts work in py4web (nudge
>> wink wink)
>>
>> -Jim
>>
>> On Friday, September 1, 2023 at 5:24:53 AM UTC-5 Ramos wrote:
>>
>>> Anyone can help me ?
>>>
>>> On Wed, Aug 30, 2023 at 10:14, António Ramos <ramst...@gmail.com> wrote:
>>>
>>>> in other words, how do i protect the administrator password? it does
>>>> not have a username , just a password. This is scary :)
>>>>
>>>> On Tue, Aug 29, 2023 at 19:44, António Ramos <ramst...@gmail.com> wrote:
>>>>
>>>>> But that is for everyone, i just want to start with users with admin
>>>>> powers
>>>>>
>>>>> Clemens <clemens....@claret-clover.de> wrote on Tue, 29/08/2023 at 18:25:
>>>>>
>>>>>> Try enabling 2FA via the following setting, since this is for all
>>>>>> users:
>>>>>> *auth.settings.auth_two_factor_enabled = True*
>>>>>>
>>>>>> Regards
>>>>>> Clemens
>>>>>>
>>>>>> On Tuesday, August 29, 2023 at 6:09:26 PM UTC+2 Ramos wrote:
>>>>>>
>>>>>>> i just activated the two step auth with this
>>>>>>>
>>>>>>> auth.settings.two_factor_authentication_group = "auth2step"
>>>>>>>
>>>>>>> but now how do i include the administrator user ?
>>>>>>>
>>>>>>> regards
>>>>>>> António

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/c8187486-ebdd-4f18-a4d6-b9a45381fad9n%40googlegroups.com.
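
The "require MFA only for logins from outside the local networks" decision discussed in this thread, as an added stand-alone Python 3 example (not code from any participant or from web2py). It tests network containment instead of expanding every address into a list and requires MFA when the client address cannot be parsed. The function names, parameters and sample networks are assumptions made for illustration.

```python
import datetime
import ipaddress

# Constructed sample ranges (not from the thread). Entries may have host
# bits set, like the thread's "x.x.x.9/22" style, so parse with strict=False.
LOCAL_NETWORKS = ["10.20.0.9/22", "192.168.50.0/24"]


def parse_networks(cidrs):
    """Parse CIDR strings; strict=False tolerates host bits being set."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def two_factor_required(client_ip, mfa_override=None, now=None,
                        networks=LOCAL_NETWORKS):
    """Return True when this login must complete a second factor.

    client_ip    -- address string (hypothetical stand-in for request.client)
    mfa_override -- datetime until which the user is exempt, or None
    """
    now = now or datetime.datetime.now()

    # Time-boxed exemption (lost phone etc.); expired overrides are ignored.
    if mfa_override is not None and now <= mfa_override:
        return False

    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        # Missing or unparseable address: fail closed and require MFA.
        return True

    # IPv4-mapped IPv6 (::ffff:a.b.c.d) should match the IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    # Containment test per network; no need to enumerate every host.
    # An address of the other IP version is never "in" a network.
    return not any(addr in net for net in parse_networks(networks))
```

With the settings quoted in the thread, a function like this would be called from the `auth.settings.auth_two_factor_enabled` lambda, passing the client address and the user's override field.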