this admin https://mysite.com/admin
Em sex., 1 de set. de 2023 às 16:08, Jim S <[email protected]> escreveu: > What does 'administrator password' mean to you? > > I'm not sure what you're referring to > > -Jim > > On Friday, September 1, 2023 at 9:53:43 AM UTC-5 Ramos wrote: > >> Hello Jim >> this line of code >> *auth.settings.auth_two_factor_enabled = True* >> *does not protect the administrator password. Only created users.* >> *That is my question, how to force administrator to use 2fa ?* >> *regards* >> *António* >> >> Em sex., 1 de set. de 2023 às 15:00, Jim S <[email protected]> escreveu: >> >>> Here is the code I wrote that only enforced 2fa for users outside our >>> local networks. >>> >>> There is some commented out code there that additionally allowed me to >>> specify users in a group so only that group was force to 2fa >>> >>> def _two_factor_required(auth_user): >>> """ >>> check whether we need to enforce MFA on this login >>> >>> We enforce MFA only on logins external to our network. >>> >>> Returns >>> ------- >>> bool - enforce MFA >>> - True means this login requires MFA >>> - False means we will not enforce MFA for this login >>> """ >>> import ipaddress >>> >>> return False # temp use to disable mfa >>> >>> if len(request.args) > 0 and request.args[0] == "login": >>> if auth_user.mfa_override and datetime.datetime.now() <= >>> auth_user.mfa_override: >>> # no mfa required if the user override is set - we added >>> a field in auth_user to allow us to override if a user was having trouble >>> or lost their phone or something >>> return False >>> >>> qlf_networks = [ >>> "9.9.9.9/22", >>> "9.9.9.0/24", >>> "9.9.9.101/24", >>> ] >>> >>> ip_list = [] >>> for range in qlf_networks: >>> ip_list.extend(ipaddress.IPv4Network(unicode(range))) >>> >>> if ipaddress.IPv4Address(unicode(request.client)) in ip_list: >>> # if the client address is in the local address list, then >>> do NOT require MFA so set to False >>> return_value = False >>> >>> # build the MFA Required group members >>> # if return_value: >>> # print(datetime.datetime.now()) >>> # ag = db(db.auth_group.role == "MFA Required >>> (web2py)").select().first() >>> # if not ag: >>> # ag = db.auth_group.insert("MFA Required (web2py)") >>> # for ou in db( >>> # (db.auth_user.active == True) >>> # | ( >>> # (db.auth_user.mfa_override == None) >>> # & (db.auth_user.mfa_override <= >>> datetime.datetime.now()) >>> # ) >>> # ).select(): >>> # db.auth_membership.update_or_insert(user_id=ou.id, >>> group_id=ag) >>> # >>> # # clear out any members that are currently exempt from MFA >>> # if ag: >>> # for exempt_user in db( >>> # (db.auth_user.mfa_override >= >>> datetime.datetime.now()) >>> # & (db.auth_user.active == True) >>> # ).select(): >>> # db( >>> # (db.auth_membership.group_id == ag.id) >>> # & (db.auth_membership.user_id == >>> exempt_user.id) >>> # ).delete() >>> # db.commit() >>> # >>> # print(datetime.datetime.now()) >>> # >>> # # set to False to force web2py to check the >>> two_factor_authentication group >>> # return_value = False >>> >>> That code is in db.py >>> >>> Then.... >>> >>> auth.settings.auth_two_factor_enabled = lambda user: >>> _two_factor_required(user) >>> auth.messages.two_factor_comment = "QLF MFA - you have been sent a code" >>> auth.settings.two_factor_methods = [ >>> lambda user, auth_two_factor: _send_sms(user, auth_two_factor) >>> ] >>> >>> My _send_sms code built and sms and sent it via Twilio or RingCentral >>> >>> I wrote this code, but then we ended up not implementing. The web2py >>> code is going away for us. All the same concepts work in py4web (nudge >>> wink wink) >>> >>> -Jim >>> >>> >>> >>> On Friday, September 1, 2023 at 5:24:53 AM UTC-5 Ramos wrote: >>> >>>> Anyone can help me ? >>>> >>>> Em qua., 30 de ago. de 2023 às 10:14, António Ramos <[email protected]> >>>> escreveu: >>>> >>>>> in other words, how do i protect the administrator password? it does >>>>> not have a username , just a password. This is scary :) >>>>> >>>>> >>>>> Em ter., 29 de ago. de 2023 às 19:44, António Ramos < >>>>> [email protected]> escreveu: >>>>> >>>>>> But that is for everyone, i just want to start with users with admin >>>>>> powers >>>>>> >>>>>> Clemens <[email protected]> escreveu em ter., 29/08/2023 >>>>>> às 18:25 : >>>>>> >>>>>>> Try enabling 2FA via the following setting, since this is for all >>>>>>> users: >>>>>>> *auth.settings.auth_two_factor_enabled = True* >>>>>>> >>>>>>> Regards >>>>>>> Clemens >>>>>>> >>>>>>> On Tuesday, August 29, 2023 at 6:09:26 PM UTC+2 Ramos wrote: >>>>>>> >>>>>>>> i just activated the two step auth with this >>>>>>>> >>>>>>>> auth.settings.two_factor_authentication_group = "auth2step" >>>>>>>> >>>>>>>> >>>>>>>> but now how do i include the administrator user ? >>>>>>>> >>>>>>>> regards >>>>>>>> António >>>>>>>> >>>>>>> -- >>>>>>> Resources: >>>>>>> - http://web2py.com >>>>>>> - http://web2py.com/book (Documentation) >>>>>>> - http://github.com/web2py/web2py (Source code) >>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "web2py-users" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/web2py/5fe99103-1d14-4b91-80eb-194402c08453n%40googlegroups.com >>>>>>> <https://groups.google.com/d/msgid/web2py/5fe99103-1d14-4b91-80eb-194402c08453n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>> Resources: >>> - http://web2py.com >>> - http://web2py.com/book (Documentation) >>> - http://github.com/web2py/web2py (Source code) >>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "web2py-users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/web2py/f92a15ab-45f6-41ae-b285-6b717abd3d7fn%40googlegroups.com >>> <https://groups.google.com/d/msgid/web2py/f92a15ab-45f6-41ae-b285-6b717abd3d7fn%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/web2py/c8187486-ebdd-4f18-a4d6-b9a45381fad9n%40googlegroups.com > <https://groups.google.com/d/msgid/web2py/c8187486-ebdd-4f18-a4d6-b9a45381fad9n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAEM0BxP_8b9tKsK1KoKpubRwijOKDvTrK9nz%3DWbjPBnUCAyc5A%40mail.gmail.com.
