Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Two Factor authentication with SMS and Email providers #195

Closed
tatarincev opened this issue Jan 28, 2019 · 2 comments
Closed

Add Two Factor authentication with SMS and Email providers #195

tatarincev opened this issue Jan 28, 2019 · 2 comments
Assignees
@tatarincev @yecli
Labels
Epic

Comments

@tatarincev
Copy link
Contributor

tatarincev commented Jan 28, 2019
edited
Loading

Use this article to add 2FA into storefront.
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/2fa?view=aspnetcore-1.1

User cabinet

User stories

  • As User I want to enable/disable Two Factor authentication in my cabinet
  • As User I want to add / change my phone number only after confirming the code received via SMS

Technical details:

  • Extend the current user cabinet "Profile" section in the default theme with two new fields
  • Phone number (add, change, remove) and Two Factor Authentication (on/off)
    image
    image
  • Need to add the new storefront API for these requriements:
    POST storefrontapi/account/phonenumber - for add/change phone number (only after verification)
    POST storefrontapi/account/phonenumber/verify - for verify phone number
    DELETE storefrontapi/account/phonenumber - for delete phone number
    POST storefrontapi/account/twofactorauthentification - for on/off 2FA

Login form

User stories:

  • As User I want to login in the store only after confirming the code received via SMS if Two factor authentication is enabled in my cabinet.

Technical details:

SMS providers and configuration

Need to add the two SMS providers (twilo and ASPSMS) as well as in this example but with one exception, I would like to have personal options and configuration for each providers and choose appropriate by checking configuration section.
https://github.com/aspnet/Docs/tree/master/aspnetcore/security/authentication/2fa/sample/Web2FA/Services
@tatarincev tatarincev added this to the Operations milestone Jan 28, 2019
@artem-dudarev
Copy link
Contributor

I think sending 2FA codes by SMS or email is a secondary task.
The more important thing is to allow user to generate codes by his own TOTP device or application (e.g. Google Authenticator)
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-enable-qrcodes?view=aspnetcore-2.2

@yecli yecli added the Epic label Jan 28, 2019
@yecli yecli self-assigned this Feb 6, 2019
@tatarincev
Copy link
Contributor Author

Released https://github.com/VirtoCommerce/vc-storefront-core/releases/tag/v4.0.0.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tatarincev tatarincev

@yecli yecli

Labels
Epic
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tatarincev @artem-dudarev @yecli