GAuthx enables two-factor authentication with the Google Authenticator mobile app (or any compatible TOTP app) in conjunction with Shaun McCormick's Login snippet. This Extra contains two snippets: one generates a secret for the user and presents it as a QR code for scanning; the other is used as a Login preHook to validate codes when a user attempts to log in.
It also includes a class that prevents replay attacks by ensuring that a previously accepted code cannot be accepted again.
You can install GAuthx via the standard MODx package manager.
A demo of the GAuthx snippet can be found at: http://demo.nickclark.ca/gauthx-demo.html
GAuthx creates a new Auth Secret for the currently logged-in user and presents it as a QR code that can be scanned by any two-factor authentication app.
Once the QR code or Auth Secret has been entered into the app, the user must confirm that the token is set up correctly by submitting a code through the supplied validation form. Only if that code validates is the Auth Secret associated with the user's account, so a mistyped or unscanned secret cannot lock the user out; from then on the user is required to supply an authentication token at every login.
GAuthx currently has only two properties.
Name | Type | Default | Description |
---|---|---|---|
responseTpl | Optional / String | GAuthxResponse | Chunk name used to format the response message |
tpl | Optional / String | GAuthxTpl | Chunk name used to format QR Code and Verification Form |
[[!GAuthx? &responseTpl=`GAuthxResponseTpl` &tpl=`GAuthxTpl`]]
This snippet is to be used as a preHook for Shaun McCormick's "Login" snippet. It lets you add two-factor authentication (using Google Authenticator) to the members-only areas of any front-end context on your site.
GAuthxHook currently accepts the following properties:
Name | Type | Default | Description |
---|---|---|---|
tolerance | Optional / Integer | 2 | Number of 30-second time steps on either side of the current one for which a token is still accepted (compensates for clock drift between the server and the user's device). Larger values also lengthen the window in which an intercepted token could be replayed. |
historyLimit | Optional / Integer | 10 | Number of previously accepted tokens to remember; a remembered token is rejected if presented again. Set to 0 to disable this replay protection (not recommended). |
loginTpl | Optional / String | GAuthxLoginTpl | Example Tpl for the Login snippet that includes the correct token input field. |
GAuthxHook is intended to be used as a preHook for the Login snippet by @Splittingred.
An example loginTpl that includes the token input is also included.
[[!Login?
&loginTpl=`GAuthxLoginTpl`
&preHooks=`GAuthxHook`
&tolerance=`3`
&historyLimit=`5`
]]
- Before GAuthxHook can be used, the user must first log in to the front-end context and run the GAuthx snippet to generate an Auth Secret and set up their two-factor authentication app.
- Once the app is set up and the token has been validated, the user is required to use two-factor authentication every time they log in to the front end, as long as the GAuthxHook preHook is included in your Login call.
- GAuthxHook also prevents replay attacks by keeping a history of the tokens that have already been accepted and refusing to accept them again. The &historyLimit parameter sets how many tokens it remembers.
- Setting historyLimit to 0 disables this replay protection, which is not recommended: an intercepted token would then remain valid for the whole tolerance window.
- Two-factor authentication is not an end-all security solution; combine it with other measures, such as serving your pages over HTTPS (TLS) so that credentials and one-time codes cannot be read in transit.
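The following is an added example, not code from GAuthx or the PHPGangsta class it uses, written in Python to show the mechanics the two snippets rely on: generating a base32 secret and the otpauth URI a QR code carries, verifying an RFC 6238 TOTP code within a `tolerance` window of 30-second steps, and keeping a bounded history of accepted codes (the `historyLimit` behaviour) so a replayed code is refused. The function and class names are this example's own and are not the extra's API.

```python
"""Added example (not GAuthx or PHPGangsta code): TOTP secret/QR setup,
drift-tolerant verification and replay history, as a stand-alone illustration."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

STEP = 30    # TOTP time step in seconds (Google Authenticator default)
DIGITS = 6   # code length (Google Authenticator default)


def generate_secret(nbytes=10):
    """Random shared secret, base32-encoded: the value shown to the user and put in the QR code."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def otpauth_uri(secret, account, issuer):
    """The otpauth:// URI an authenticator app reads out of the QR code."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"


def totp(secret, counter):
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits) for a given 30-second counter value."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8), casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                   # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


class TokenVerifier:
    """Per-user state a login hook needs: the secret, a drift window and a replay history.
    (Hypothetical class for this example; GAuthxHook stores its state in MODX.)"""

    def __init__(self, secret, tolerance=2, history_limit=10):
        self.secret = secret
        self.tolerance = tolerance          # time steps accepted on either side of 'now'
        self.history_limit = history_limit  # 0 disables replay protection (not recommended)
        self.history = []                   # most recently accepted codes, oldest first

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        # Replay check first: a code that was already accepted is refused while it is
        # still within the remembered history, even if it is inside the time window.
        if self.history_limit and code in self.history:
            return False
        counter = int(now // STEP)
        for delta in range(-self.tolerance, self.tolerance + 1):
            if hmac.compare_digest(totp(self.secret, counter + delta), code):
                if self.history_limit:
                    self.history.append(code)
                    del self.history[:-self.history_limit]   # keep only the last N codes
                return True
        return False


if __name__ == "__main__":
    secret = generate_secret()
    print(otpauth_uri(secret, "alice", "example.com"))   # what the QR code encodes
    verifier = TokenVerifier(secret, tolerance=2, history_limit=10)
    code = totp(secret, int(time.time() // STEP))
    print(verifier.verify(code), verifier.verify(code))  # first login True, replay False
```

Note that `tolerance` and `historyLimit` pull against each other: each extra step of tolerance lengthens the period in which a captured code is usable, and only the history keeps an already-used code from being accepted a second time inside that period, which is why setting `historyLimit` to 0 is discouraged.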
Please log any bugs or feature requests on GitHub.
GAuthx uses the Google Authenticator class by PHPGangsta for generating QR Codes and validating user tokens.