Main Koha release repository https://koha-community.org
Jonathan Druart b93e15c235
Bug 30588: Add the option to require 2FA setup on first staff login
Bug 28786 added the ability to turn on a two-factor authentication,
using a One Time Password (OTP).
Once enabled on the system, librarians had the choice to enable or
disable it for themselves.
For security reasons an administrator could decide to force the
librarians to use this second authentication step.

This patch adds a third option to the existing syspref, 'Enforced', for
that purpose.

QA notes: the code we had in the members/two_factor_auth.pl controller
has been moved to REST API controller methods (with their tests and
swagger specs), for reusability reasons. Code from the template has been
moved to an include file for the same reason.

Test plan:
A. Regression tests
As we modified the code we need first to confirm the existing features
are still working as expected.
1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to
enable and access the second authentication step
2. Turn it on (enabled) and confirm that you are able to enable it in your account
3. Log out and then confirm that you are able to log in to Koha

B. The new option
1. Set the pref to "enforced"
2. You are not logged out; logged-in users stay logged in
3. Pick a user that does not have 2FA set up, log in
4. Notice the new screen (UI is a bit ugly, suggestions welcomed)
5. Try to access Koha without enabling 2FA, you shouldn't be able to
access any pages
6. Set up 2FA and confirm that you are redirected to the login screen
7. Log in, send the correct pin code
=> You are fully logged in!

Note that at 6 we could redirect to the mainpage, without the need to
login again, but I think it's preferable to reduce the change to
C4::Auth. If it's considered mandatory by QA I could have a look on
another bug report.

Sponsored-by: Rijksmuseum, Netherlands

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 11:36:57 -03:00
acqui Bug 31569: Remove unecessary imports 2022-10-17 08:14:57 -03:00
admin Bug 31693: Remove non-existent fields from the See-also-from index (Elasticsearch, MARC21) 2022-10-21 11:33:35 -03:00
api Bug 30588: Add the option to require 2FA setup on first staff login 2022-10-21 11:36:57 -03:00
authorities Bug 29333: Fix encoding of imported UNIMARC authorities 2022-07-08 15:43:33 -03:00
basket Bug 31309: Remove GetItemsInfo from basket/sendbasket 2022-08-16 09:22:14 -03:00
bin Bug 20582: Turn Koha into a Mojolicious application 2020-10-06 12:00:04 +02:00
C4 Bug 30588: Add the option to require 2FA setup on first staff login 2022-10-21 11:36:57 -03:00
catalogue Bug 17170: Add admin page for filters and ability to edit/save existing filters 2022-10-21 11:15:16 -03:00
cataloguing Bug 29662: (bug 27526 follow-up) Prefill all subfields if SubfieldsToUseWhenPrefill is empty 2022-10-21 11:34:01 -03:00
circ Bug 25426: Allow return policy to be selected via syspref and not just home library 2022-10-18 09:14:52 -03:00
clubs Bug 30718: Use flatpickr's altInput 2022-08-19 08:26:31 -03:00
course_reserves Bug 30409: barcodedecode() should always trim barcode 2022-06-14 07:54:58 -03:00
debian Bug 27315: use the namespace-aware docbook stylesheet 2022-10-17 21:10:06 -03:00
docs Bug 30808: Add the 22.05 release team. 2022-05-25 23:56:12 -10:00
errors Bug 29420: HTTP status code incorrect when calling error pages directly under Plack/PSGI 2022-04-20 09:03:39 -10:00
etc Bug 31469: log4perl.conf: Add %n to conversionpattern for Plack 2022-10-12 14:58:40 -03:00
ill Bug 28909: Allow illview to use backend template 2022-08-09 13:21:39 -03:00
installer Bug 30588: Add 'enforced' option to TwoFactorAuthentication 2022-10-21 11:36:56 -03:00
Koha Bug 30588: Add the option to require 2FA setup on first staff login 2022-10-21 11:36:57 -03:00
koha-tmpl Bug 30588: Add the option to require 2FA setup on first staff login 2022-10-21 11:36:57 -03:00
labels Bug 31633: (follow-up) Group template params 2022-10-03 14:09:59 -03:00
lib/CGI/Session/Serialize Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
members Bug 30588: Add the option to require 2FA setup on first staff login 2022-10-21 11:36:57 -03:00
misc Bug 27265: (QA follow-up) Typo on L99 cron script 2022-10-17 21:11:41 -03:00
offline_circ Bug 30016: Remove GetOpenIssue subroutine 2022-08-31 08:50:37 -03:00
opac Bug 17170: Add search filters to staff and opac interfaces 2022-10-21 11:15:15 -03:00
patron_lists Bug 16446: Add ability to add patrons to list by borrowernumber 2021-10-21 12:24:04 +02:00
patroncards Bug 24001: Fix patron card template edition 2022-04-28 10:49:20 -10:00
plugins Bug 29787: Add plugin version to plugin search results 2022-04-08 15:49:15 +02:00
pos Bug 30619: Add email receipt to POS 2022-09-07 15:59:34 -07:00
recalls Bug 30924: Add missing branchtransfers.reason value for recall cancellation 2022-06-13 10:30:51 -03:00
reports Bug 28967: Patrons with no checkouts report shows patrons from other libraries with IndependentBranches 2022-10-17 08:10:59 -03:00
reserve Bug 31575: Missing warning for holds where AllowHoldPolicyOverride can be used to force a hold to be placed 2022-10-11 10:12:35 -03:00
reviews Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
rotating_collections Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
serials Bug 29608: Made so doesn't require full permission 2022-09-07 13:49:53 -07:00
services Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
skel
suggestion Bug 30718: Use flatpickr's altInput 2022-08-19 08:26:31 -03:00
svc Bug 31682: Silence automatic linker warn 2022-10-11 10:41:23 -03:00
t Bug 30588: Adjust existing occurrences of TwoFactorAuthentication 2022-10-21 11:36:56 -03:00
tags Bug 30718: Use flatpickr's altInput 2022-08-19 08:26:31 -03:00
tmp/modified_authorities
tools Bug 31590: Remove Text::CSV::Unicode 2022-09-21 16:07:21 -03:00
virtualshelves Bug 28375: (follow-up) Use C4::Context->interface 2022-10-20 11:50:53 -03:00
xt Bug 31590: Remove Text::CSV::Unicode 2022-09-21 16:07:21 -03:00
.editorconfig Bug 27375: Set YAML file settings in .editorconfig 2021-11-03 15:40:52 +01:00
.eslintrc.json
.gitignore
.htaccess
.mailmap 22.05.00: Update mailmap 2022-05-25 23:56:12 -10:00
.perlcriticrc Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
.proverc.dist Bug 19821: Install sample data, ES mappings and Version syspref 2021-10-25 11:27:40 +02:00
.stylelintrc.json Bug 31528: (follow-up) A few additional rules 2022-10-03 08:23:15 -03:00
about.pl Bug 29744: (QA follow-up) Call psgi_env in OO style 2022-09-22 08:11:58 -03:00
app.psgi Bug 20582: Fix PSGI file when behind a reverse proxy 2020-10-06 12:00:04 +02:00
changelanguage.pl Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
cpanfile Bug 31588: Update cpanfile for new OpenAPI versions (master) 2022-10-21 11:32:51 -03:00
fix-perl-path.PL Bug 28606: Remove $DEBUG and $ENV{DEBUG} 2021-06-24 11:53:44 +02:00
gulpfile.js Bug 30373: Enable translation of UNIMARC frameworks 2022-04-21 13:41:35 -10:00
help.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
INSTALL Bug 26617: Update INSTALL file to include koha-testing-docker and Gitlab links 2020-10-15 12:56:30 +02:00
Koha.pm Bug 17170: DBRev 22.06.00.067 2022-10-21 11:19:39 -03:00
koha_perl_deps.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
kohaversion.pl Bug 26384: Fix executable flags 2020-09-11 09:56:56 +02:00
LICENSE
mainpage.pl Bug 30650: Add filter_by_scheduled_today 2022-07-29 15:00:47 -03:00
Makefile.PL Bug 19532: Database and installer stuff 2022-03-14 22:45:50 -10:00
MANIFEST.SKIP
package.json Bug 31528: Replace scss-lint configuration with one for stylelint 2022-10-03 08:23:14 -03:00
README
README.md Bug 27092: Remove note about "synced repo" from README.md 2020-11-25 16:31:58 +01:00
README.robots
rewrite-config.PL Bug 28519: Put CGI::Session::Serialize::yamlxs in lib directory 2021-06-17 10:07:36 +02:00
yarn.lock Bug 31528: Replace scss-lint configuration with one for stylelint 2022-10-03 08:23:14 -03:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
