[jira] [Comment Edited] (GUACAMOLE-770) Allow for clearing TOTP Data in Admin Interface

2019-07-01 Thread Welyqrson Bastos Amaral (JIRA) 


[ 
https://issues.apache.org/jira/browse/GUACAMOLE-770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16876232#comment-16876232
 ] 

Welyqrson Bastos Amaral edited comment on GUACAMOLE-770 at 7/1/19 3:11 PM:
---

I see that if you change the attribute_value attribute in the 
guacamole_user_attribute table ... it asks for the device confirmation again 
... if you can add an option to change that key next to the user record it 
might be enough to resolve the issue.

the update I ran was this:

{color:#ff}{{[UPDATE|http://192.168.4.193/phpmyadmin/url.php?url=http://dev.mysql.com/doc/refman/5.5/en/update.html]
 `guacamole_user_attribute` 
[SET|http://192.168.4.193/phpmyadmin/url.php?url=http://dev.mysql.com/doc/refman/5.5/en/set.html]
 `attribute_value` = 'false' WHERE `guacamole_user_attribute`.`user_id` = 3 
[AND|http://192.168.4.193/phpmyadmin/url.php?url=http://dev.mysql.com/doc/refman/5.5/en/logical-operators.html#operator_and]
 `guacamole_user_attribute`.`attribute_name` = 
'guac-totp-key-confirmed';}}{color}

{{The point I found a bit complex is to identify the correct user ... but it 
was ... in my case it solved.}}

 


was (Author: welyqrson):
Obeservo that if you change the attribute_value attribute in the 
guacamole_user_attribute table ... it asks again for the confirmation of the 
device ... if you can add an option to change this key next to the user's 
registry maybe it is enough to solve the question.

the update I ran was this:

{color:#FF}{{[UPDATE|http://192.168.4.193/phpmyadmin/url.php?url=http://dev.mysql.com/doc/refman/5.5/en/update.html]
 `guacamole_user_attribute` 
[SET|http://192.168.4.193/phpmyadmin/url.php?url=http://dev.mysql.com/doc/refman/5.5/en/set.html]
 `attribute_value` = 'false' WHERE `guacamole_user_attribute`.`user_id` = 3 
[AND|http://192.168.4.193/phpmyadmin/url.php?url=http://dev.mysql.com/doc/refman/5.5/en/logical-operators.html#operator_and]
 `guacamole_user_attribute`.`attribute_name` = 
'guac-totp-key-confirmed';}}{color}

{{The point I found a bit complex is to identify the correct user ... but it 
was ... in my case it solved.}}

 

> Allow for clearing TOTP Data in Admin Interface
> ---
>
> Key: GUACAMOLE-770
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-770
> Project: Guacamole
>  Issue Type: Improvement
>  Components: guacamole-auth-totp
>Reporter: Nick Couchman
>Priority: Minor
>
> Currently the TOTP attributes for a particular user are completely hidden 
> from the Administrative interface, even to admin-level users.  While hiding 
> this data is sound security practice - there is no reason why any user, 
> including an admin, within Guacamole would need to actually see the "key 
> material" for the TOTP token, it might be nice to come up with some way to 
> allow that data to be cleared from within the Admin UI such that a user's 
> TOTP status could be "reset," allowing that user to re-enroll.  I'm not sure 
> this is really possible with any of the current field types, but I'm thinking 
> perhaps there is some sort of new field type within Guacamole that could be 
> generated, perhaps specific to the TOTP module, that would allow for clearing 
> out this data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Comment Edited] (GUACAMOLE-770) Allow for clearing TOTP Data in Admin Interface

2019-06-28 Thread Welyqrson Bastos Amaral (JIRA) 


[ 
https://issues.apache.org/jira/browse/GUACAMOLE-770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16874948#comment-16874948
 ] 

Welyqrson Bastos Amaral edited comment on GUACAMOLE-770 at 6/28/19 2:11 PM:


Olá também observei isso, estou instalando sistema em uma base de testes aqui 
para implementar... e me deparei com isso. Como resetar um touch de um usuário 
que por ventura tenha perdido o dispositivo.

" Hello also I noticed this, I am installing system on a test base here to 
implement ... and I came across this. How to reset a touch of a user who may 
have lost the device. "


was (Author: welyqrson):
Olá também observei isso, estou instalando sistema em uma base de testes aqui 
para implementar... e me deparei com isso. Como resetar um touch de um usuário 
que por ventura tenha perdido o dispositivo.

 

> Allow for clearing TOTP Data in Admin Interface
> ---
>
> Key: GUACAMOLE-770
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-770
> Project: Guacamole
>  Issue Type: Improvement
>  Components: guacamole-auth-totp
>Reporter: Nick Couchman
>Priority: Minor
>
> Currently the TOTP attributes for a particular user are completely hidden 
> from the Administrative interface, even to admin-level users.  While hiding 
> this data is sound security practice - there is no reason why any user, 
> including an admin, within Guacamole would need to actually see the "key 
> material" for the TOTP token, it might be nice to come up with some way to 
> allow that data to be cleared from within the Admin UI such that a user's 
> TOTP status could be "reset," allowing that user to re-enroll.  I'm not sure 
> this is really possible with any of the current field types, but I'm thinking 
> perhaps there is some sort of new field type within Guacamole that could be 
> generated, perhaps specific to the TOTP module, that would allow for clearing 
> out this data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)