TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 Commits
139 Branches
203 Tags
1.2 GiB
 
 
 
 
 
 
Tag: Branch: Tree: edea7e0b3b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'edea7e0b3b'
${ noResults }
openproject/README.md

94 lines
2.9 KiB
Raw Blame History

# OpenProject Two-factor authentication plugin
Provides two-factor authentication.
## Features
* Let users configure their 2FA devices (SMS to mobile phone, TOTP app-based authenticator) through their My Account
* Force users to have 2FA present on their accounts during login
## Requirements
The OpenProject 2FA plugin requires the [OpenProject Core](https://github.com/opf/openproject/) to be in the same version as the plugin.
# Installation
To install the OpenProject 2FA plugin you need to add the following line to the `Gemfile.plugins` in your OpenProject folder (if you use a different OpenProject version than OpenProject 7, adapt `:branch => "stable/7"` to your OpenProject version):
`gem "openproject-two_factor_authentication", git: "https://github.com/opf/openproject-two_factor_authentication", :branch => "stable/7"`
Afterwards, run:
`bundle install`
### Setup
Enable the strategy of your choice through the configuration
**totp**
TOTP-based strategy for app-based authenticators such as [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=de) or [Authy](https://authy.com/).
**sns**
Amazon SNS based strategy for delivery of SMS tokens. You need an active access key and secret to send SNS. To configure the strategies, use the following YAML code.
### Enforcing users to have 2FA present
By default, this plugin enables users to add 2FA devices through their 'My account' page.
If you want all users of your instance to have 2FA enabled, set the `enforced: true` configuration flag.
Then, all users will require to register a device to complete authentication / activation of their account. They also cannot delete their default device.
``` yaml
2fa:
active_strategies: [sns, totp]
enforced: false
sns:
region: 'eu-west-1'
access_key_id: 'aws key id'
secret_access_key: 'aws secret'
```
or set the ENV variables
```
OPENPROJECT_2FA_ACTIVE__STRATEGIES="[sns,totp]"
OPENPROJECT_2FA_ENFORCED="false"
OPENPROJECT_2FA_SNS_REGION="eu-west-1"
OPENPROJECT_2FA_SNS_ACCESS__KEY__ID="keyid"
OPENPROJECT_2FA_SNS_SECRET__ACCESS__KEY='secret'
```
## Deinstallation
Remove the line
`gem "openproject-two_factor_authentication", git: "https://github.com/opf/openproject-two_factor_authentication", :branch => "stable/7"`
from the file `Gemfile.plugins` and run:
`bundle install`
Bug Reporting
-------------
If you find any bugs, you can create a bug ticket at
https://openproject.org/projects/two-factor-authentication
Development
-----------
To contribute, you can create pull request on the official repository at
`https://github.com/opf/openproject-two_factor_authentication`
## Development
For development you only have to make sure that:
1. The strategy is enabled in the configuration
``` yaml
2fa:
active_strategies: [developer]
```
or set the ENV variable `OPENPROJECT_2FA_ACTIVE__STRATEGIES=[developer]`.