Removing the admin app as well as the appadmin controllers should kill all options of administration. Move these two to a folder away from web2py. And then you can still call https://.../admin/site or https://.../appadmin?

On Friday, September 1, 2023 at 6:44:31 PM UTC+2 Ramos wrote:
> Yes, I tried it on the admin app and it just does not work.
> :)
>
> On Fri, Sep 1, 2023 at 16:53, Jim S <[email protected]> wrote:
>
>> So, are you trying to protect the 'admin' application with 2fa?
>>
>> If so, can you add the 2fa code to the admin app?
>>
>> I haven't tried this before
>>
>> On Friday, September 1, 2023 at 10:24:29 AM UTC-5 Ramos wrote:
>>
>>> this admin
>>>
>>> https://mysite.com/admin
>>>
>>> On Fri, Sep 1, 2023 at 16:08, Jim S <[email protected]> wrote:
>>>
>>>> What does 'administrator password' mean to you?
>>>>
>>>> I'm not sure what you're referring to
>>>>
>>>> -Jim
>>>>
>>>> On Friday, September 1, 2023 at 9:53:43 AM UTC-5 Ramos wrote:
>>>>
>>>>> Hello Jim
>>>>> this line of code
>>>>> *auth.settings.auth_two_factor_enabled = True*
>>>>> *does not protect the administrator password. Only created users.*
>>>>> *That is my question, how to force administrator to use 2fa?*
>>>>> *regards*
>>>>> *António*
>>>>>
>>>>> On Fri, Sep 1, 2023 at 15:00, Jim S <[email protected]> wrote:
>>>>>
>>>>>> Here is the code I wrote that only enforced 2fa for users outside our
>>>>>> local networks.
>>>>>>
>>>>>> There is some commented out code there that additionally allowed me
>>>>>> to specify users in a group so only that group was forced to 2fa
>>>>>>
>>>>>> def _two_factor_required(auth_user):
>>>>>>     """
>>>>>>     check whether we need to enforce MFA on this login
>>>>>>
>>>>>>     We enforce MFA only on logins external to our network.
>>>>>>
>>>>>>     Returns
>>>>>>     -------
>>>>>>     bool - enforce MFA
>>>>>>         - True means this login requires MFA
>>>>>>         - False means we will not enforce MFA for this login
>>>>>>     """
>>>>>>     import datetime
>>>>>>     import ipaddress
>>>>>>
>>>>>>     return False  # temp use to disable mfa
>>>>>>
>>>>>>     # default: require MFA unless a check below clears it
>>>>>>     return_value = True
>>>>>>
>>>>>>     if len(request.args) > 0 and request.args[0] == "login":
>>>>>>         if auth_user.mfa_override and datetime.datetime.now() <= auth_user.mfa_override:
>>>>>>             # no mfa required if the user override is set - we added a field in auth_user
>>>>>>             # to allow us to override if a user was having trouble or lost their phone or something
>>>>>>             return False
>>>>>>
>>>>>>         qlf_networks = [
>>>>>>             "9.9.9.9/22",
>>>>>>             "9.9.9.0/24",
>>>>>>             "9.9.9.101/24",
>>>>>>         ]
>>>>>>
>>>>>>         ip_list = []
>>>>>>         for range in qlf_networks:
>>>>>>             ip_list.extend(ipaddress.IPv4Network(unicode(range)))
>>>>>>
>>>>>>         if ipaddress.IPv4Address(unicode(request.client)) in ip_list:
>>>>>>             # if the client address is in the local address list, then do NOT require MFA so set to False
>>>>>>             return_value = False
>>>>>>
>>>>>>         # build the MFA Required group members
>>>>>>         # if return_value:
>>>>>>         #     print(datetime.datetime.now())
>>>>>>         #     ag = db(db.auth_group.role == "MFA Required (web2py)").select().first()
>>>>>>         #     if not ag:
>>>>>>         #         ag = db.auth_group.insert("MFA Required (web2py)")
>>>>>>         #     for ou in db(
>>>>>>         #         (db.auth_user.active == True)
>>>>>>         #         | (
>>>>>>         #             (db.auth_user.mfa_override == None)
>>>>>>         #             & (db.auth_user.mfa_override <= datetime.datetime.now())
>>>>>>         #         )
>>>>>>         #     ).select():
>>>>>>         #         db.auth_membership.update_or_insert(user_id=ou.id, group_id=ag)
>>>>>>         #
>>>>>>         #     # clear out any members that are currently exempt from MFA
>>>>>>         #     if ag:
>>>>>>         #         for exempt_user in db(
>>>>>>         #             (db.auth_user.mfa_override >= datetime.datetime.now())
>>>>>>         #             & (db.auth_user.active == True)
>>>>>>         #         ).select():
>>>>>>         #             db(
>>>>>>         #                 (db.auth_membership.group_id == ag.id)
>>>>>>         #                 & (db.auth_membership.user_id == exempt_user.id)
>>>>>>         #             ).delete()
>>>>>>         #     db.commit()
>>>>>>         #
>>>>>>         #     print(datetime.datetime.now())
>>>>>>         #
>>>>>>         #     # set to False to force web2py to check the two_factor_authentication group
>>>>>>         #     return_value = False
>>>>>>
>>>>>>     return return_value
>>>>>>
>>>>>> That code is in db.py
>>>>>>
>>>>>> Then....
>>>>>>
>>>>>> auth.settings.auth_two_factor_enabled = lambda user: _two_factor_required(user)
>>>>>> auth.messages.two_factor_comment = "QLF MFA - you have been sent a code"
>>>>>> auth.settings.two_factor_methods = [
>>>>>>     lambda user, auth_two_factor: _send_sms(user, auth_two_factor)
>>>>>> ]
>>>>>>
>>>>>> My _send_sms code built an SMS and sent it via Twilio or RingCentral
>>>>>>
>>>>>> I wrote this code, but then we ended up not implementing. The web2py
>>>>>> code is going away for us. All the same concepts work in py4web (nudge
>>>>>> wink wink)
>>>>>>
>>>>>> -Jim
>>>>>>
>>>>>> On Friday, September 1, 2023 at 5:24:53 AM UTC-5 Ramos wrote:
>>>>>>
>>>>>>> Anyone can help me?
>>>>>>>
>>>>>>> On Wed, Aug 30, 2023 at 10:14, António Ramos <[email protected]> wrote:
>>>>>>>
>>>>>>>> In other words, how do I protect the administrator password? It
>>>>>>>> does not have a username, just a password. This is scary :)
>>>>>>>>
>>>>>>>> On Tue, Aug 29, 2023 at 19:44, António Ramos <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> But that is for everyone, I just want to start with users with
>>>>>>>>> admin powers
>>>>>>>>>
>>>>>>>>> Clemens <[email protected]> wrote on Tue, 29/08/2023 at 18:25:
>>>>>>>>>
>>>>>>>>>> Try enabling 2FA via the following setting, since this is for all
>>>>>>>>>> users:
>>>>>>>>>> *auth.settings.auth_two_factor_enabled = True*
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> Clemens
>>>>>>>>>>
>>>>>>>>>> On Tuesday, August 29, 2023 at 6:09:26 PM UTC+2 Ramos wrote:
>>>>>>>>>>
>>>>>>>>>>> I just activated the two step auth with this
>>>>>>>>>>>
>>>>>>>>>>> auth.settings.two_factor_authentication_group = "auth2step"
>>>>>>>>>>>
>>>>>>>>>>> but now how do I include the administrator user?
>>>>>>>>>>>
>>>>>>>>>>> regards
>>>>>>>>>>> António
>>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Resources:
>>>>>>>>>> - http://web2py.com
>>>>>>>>>> - http://web2py.com/book (Documentation)
>>>>>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>>>>>> ---
>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>> Google Groups "web2py-users" group.
>>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>>> send an email to [email protected].
>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>> https://groups.google.com/d/msgid/web2py/5fe99103-1d14-4b91-80eb-194402c08453n%40googlegroups.com
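
Added example, not part of any post in this thread and not web2py code: a standalone Python 3 version of the network-based decision that `_two_factor_required` makes in the quoted message, written so that it fails closed. The function names, the sample networks and the IPv6 handling are assumptions for illustration; in web2py the result would be returned from the callable assigned to `auth.settings.auth_two_factor_enabled`.

```python
import ipaddress
from datetime import datetime

# Constructed sample ranges (private/documentation space), not from the thread.
TRUSTED_NETWORKS = ["10.20.0.0/22", "192.168.5.101/24", "2001:db8:10::/48"]


def parse_networks(cidrs):
    """Parse CIDR strings once at startup.

    strict=False accepts entries written with host bits set
    (e.g. 192.168.5.101/24), which otherwise raise ValueError.
    """
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def mfa_required(client_ip, networks, mfa_override=None, now=None):
    """Return True when this login must complete a second factor.

    Fails closed: an address that cannot be parsed always requires MFA.
    """
    now = now or datetime.now()
    # Time-boxed exemption, e.g. for a user who lost their phone.
    if mfa_override is not None and now <= mfa_override:
        return False
    try:
        addr = ipaddress.ip_address(client_ip)
    except (ValueError, TypeError):
        return True
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is checked as its IPv4 form.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    # Containment test per network; ranges are never expanded into host lists.
    # A v4 address tested against a v6 network (or the reverse) is simply False.
    return not any(addr in net for net in networks)
```

The client address fed to such a check must be the one the server itself observed; behind a reverse proxy that means a header set by the proxy, not one a client can supply.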

