Well, having a method reporting problems is great. My solution is primarily pragmatic: In case move the controllers in and analyse otherwise having them out of access.
After migrating to py4web I will think of such error mailing controller, sounds interesting.

On Friday, September 1, 2023 at 8:07:11 PM UTC+2 Jim S wrote:

> And to second your comment, I too have a controller method that allows
> users with the proper access, the ability to add additional users.
>
> The only other reason I would want to access admin is to look at error
> messages/tickets. But, I have some method in place to read the error
> messages and forward them to me in an email.
>
> -Jim
>
> On Friday, September 1, 2023 at 1:04:47 PM UTC-5 Jim S wrote:
>
>> If I try to go to admin/appadmin web2py returns:
>>
>> Admin is disabled because insecure channel
>>
>> Isn't that just the default behavior?
>>
>> -Jim
>>
>> On Friday, September 1, 2023 at 1:00:08 PM UTC-5 Clemens wrote:
>>
>>> I don't and that's why I (re)move these to a hidden folder on system
>>> level :-) What I need is to give customers the option to add new users by
>>> themselves. For that I've written a small controller under the control of
>>> 2FA and so on.
>>>
>>> Regards
>>> Clemens
>>>
>>> On Friday, September 1, 2023 at 7:40:19 PM UTC+2 Jim S wrote:
>>>
>>>> I'm just curious
>>>>
>>>> Why do you need access to the admin/appadmin apps in a production
>>>> environment?
>>>>
>>>> I've never used them there. I use in development, but never production
>>>>
>>>> -Jim
>>>>
>>>> On Friday, September 1, 2023 at 11:54:02 AM UTC-5 Clemens wrote:
>>>>
>>>>> Removing the admin app as well as the appadmin controllers should kill
>>>>> all options of administration. Move these two to a folder away from
>>>>> web2py. And then you can still call https://.../admin/site or
>>>>> https://.../appadmin?
>>>>>
>>>>> On Friday, September 1, 2023 at 6:44:31 PM UTC+2 Ramos wrote:
>>>>>
>>>>>> yes i tried it on the admin app and it just does not work.
>>>>>> :)
>>>>>>
>>>>>> On Fri, Sep 1, 2023 at 16:53, Jim S <[email protected]> wrote:
>>>>>>
>>>>>>> So, are you trying to protect the 'admin' application with 2fa?
>>>>>>>
>>>>>>> If so, can you add the 2fa code to the admin app?
>>>>>>>
>>>>>>> I haven't tried this before
>>>>>>>
>>>>>>> On Friday, September 1, 2023 at 10:24:29 AM UTC-5 Ramos wrote:
>>>>>>>
>>>>>>>> this admin
>>>>>>>>
>>>>>>>> https://mysite.com/admin
>>>>>>>>
>>>>>>>> On Fri, Sep 1, 2023 at 16:08, Jim S <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> What does 'administrator password' mean to you?
>>>>>>>>>
>>>>>>>>> I'm not sure what you're referring to
>>>>>>>>>
>>>>>>>>> -Jim
>>>>>>>>>
>>>>>>>>> On Friday, September 1, 2023 at 9:53:43 AM UTC-5 Ramos wrote:
>>>>>>>>>
>>>>>>>>>> Hello Jim
>>>>>>>>>> this line of code
>>>>>>>>>> *auth.settings.auth_two_factor_enabled = True*
>>>>>>>>>> *does not protect the administrator password. Only created users.*
>>>>>>>>>> *That is my question, how to force administrator to use 2fa ?*
>>>>>>>>>> *regards*
>>>>>>>>>> *António*
>>>>>>>>>>
>>>>>>>>>> On Fri, Sep 1, 2023 at 15:00, Jim S <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Here is the code I wrote that only enforced 2fa for users
>>>>>>>>>>> outside our local networks.
>>>>>>>>>>>
>>>>>>>>>>> There is some commented out code there that additionally allowed
>>>>>>>>>>> me to specify users in a group so only that group was forced to 2fa
>>>>>>>>>>>
>>>>>>>>>>> def _two_factor_required(auth_user):
>>>>>>>>>>>     """
>>>>>>>>>>>     check whether we need to enforce MFA on this login
>>>>>>>>>>>
>>>>>>>>>>>     We enforce MFA only on logins external to our network.
>>>>>>>>>>>
>>>>>>>>>>>     Returns
>>>>>>>>>>>     -------
>>>>>>>>>>>     bool - enforce MFA
>>>>>>>>>>>         - True means this login requires MFA
>>>>>>>>>>>         - False means we will not enforce MFA for this login
>>>>>>>>>>>     """
>>>>>>>>>>>     import ipaddress
>>>>>>>>>>>
>>>>>>>>>>>     return False  # temp use to disable mfa
>>>>>>>>>>>
>>>>>>>>>>>     return_value = True  # require MFA unless a check below exempts this login
>>>>>>>>>>>
>>>>>>>>>>>     if len(request.args) > 0 and request.args[0] == "login":
>>>>>>>>>>>         if auth_user.mfa_override and datetime.datetime.now() <= auth_user.mfa_override:
>>>>>>>>>>>             # no mfa required if the user override is set - we added a field in
>>>>>>>>>>>             # auth_user to allow us to override if a user was having trouble or
>>>>>>>>>>>             # lost their phone or something
>>>>>>>>>>>             return False
>>>>>>>>>>>
>>>>>>>>>>>         qlf_networks = [
>>>>>>>>>>>             "9.9.9.9/22",
>>>>>>>>>>>             "9.9.9.0/24",
>>>>>>>>>>>             "9.9.9.101/24",
>>>>>>>>>>>         ]
>>>>>>>>>>>
>>>>>>>>>>>         ip_list = []
>>>>>>>>>>>         for range in qlf_networks:
>>>>>>>>>>>             ip_list.extend(ipaddress.IPv4Network(unicode(range)))
>>>>>>>>>>>
>>>>>>>>>>>         if ipaddress.IPv4Address(unicode(request.client)) in ip_list:
>>>>>>>>>>>             # if the client address is in the local address list, then do NOT
>>>>>>>>>>>             # require MFA so set to False
>>>>>>>>>>>             return_value = False
>>>>>>>>>>>
>>>>>>>>>>>         # build the MFA Required group members
>>>>>>>>>>>         # if return_value:
>>>>>>>>>>>         #     print(datetime.datetime.now())
>>>>>>>>>>>         #     ag = db(db.auth_group.role == "MFA Required (web2py)").select().first()
>>>>>>>>>>>         #     if not ag:
>>>>>>>>>>>         #         ag = db.auth_group.insert("MFA Required (web2py)")
>>>>>>>>>>>         #     for ou in db(
>>>>>>>>>>>         #         (db.auth_user.active == True)
>>>>>>>>>>>         #         | (
>>>>>>>>>>>         #             (db.auth_user.mfa_override == None)
>>>>>>>>>>>         #             & (db.auth_user.mfa_override <= datetime.datetime.now())
>>>>>>>>>>>         #         )
>>>>>>>>>>>         #     ).select():
>>>>>>>>>>>         #         db.auth_membership.update_or_insert(user_id=ou.id, group_id=ag)
>>>>>>>>>>>         #
>>>>>>>>>>>         #     # clear out any members that are currently exempt from MFA
>>>>>>>>>>>         #     if ag:
>>>>>>>>>>>         #         for exempt_user in db(
>>>>>>>>>>>         #             (db.auth_user.mfa_override >= datetime.datetime.now())
>>>>>>>>>>>         #             & (db.auth_user.active == True)
>>>>>>>>>>>         #         ).select():
>>>>>>>>>>>         #             db(
>>>>>>>>>>>         #                 (db.auth_membership.group_id == ag.id)
>>>>>>>>>>>         #                 & (db.auth_membership.user_id == exempt_user.id)
>>>>>>>>>>>         #             ).delete()
>>>>>>>>>>>         #     db.commit()
>>>>>>>>>>>         #
>>>>>>>>>>>         #     print(datetime.datetime.now())
>>>>>>>>>>>         #
>>>>>>>>>>>         #     # set to False to force web2py to check the two_factor_authentication group
>>>>>>>>>>>         #     return_value = False
>>>>>>>>>>>
>>>>>>>>>>>     return return_value
>>>>>>>>>>>
>>>>>>>>>>> That code is in db.py
>>>>>>>>>>>
>>>>>>>>>>> Then....
>>>>>>>>>>>
>>>>>>>>>>> auth.settings.auth_two_factor_enabled = lambda user: _two_factor_required(user)
>>>>>>>>>>> auth.messages.two_factor_comment = "QLF MFA - you have been sent a code"
>>>>>>>>>>> auth.settings.two_factor_methods = [
>>>>>>>>>>>     lambda user, auth_two_factor: _send_sms(user, auth_two_factor)
>>>>>>>>>>> ]
>>>>>>>>>>>
>>>>>>>>>>> My _send_sms code built an sms and sent it via Twilio or
>>>>>>>>>>> RingCentral
>>>>>>>>>>>
>>>>>>>>>>> I wrote this code, but then we ended up not implementing. The
>>>>>>>>>>> web2py code is going away for us. All the same concepts work in
>>>>>>>>>>> py4web
>>>>>>>>>>> (nudge wink wink)
>>>>>>>>>>>
>>>>>>>>>>> -Jim
>>>>>>>>>>>
>>>>>>>>>>> On Friday, September 1, 2023 at 5:24:53 AM UTC-5 Ramos wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Anyone can help me ?
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Aug 30, 2023 at 10:14, António Ramos <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> in other words, how do i protect the administrator password?
>>>>>>>>>>>>> it does not have a username , just a password. This is scary :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Aug 29, 2023 at 19:44, António Ramos <[email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> But that is for everyone, i just want to start with users
>>>>>>>>>>>>>> with admin powers
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Clemens <[email protected]> wrote on Tue, 29/08/2023 at 18:25:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Try enabling 2FA via the following setting, since this is
>>>>>>>>>>>>>>> for all users:
>>>>>>>>>>>>>>> *auth.settings.auth_two_factor_enabled = True*
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>> Clemens
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Tuesday, August 29, 2023 at 6:09:26 PM UTC+2 Ramos wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> i just activated the two step auth with this
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> auth.settings.two_factor_authentication_group = "auth2step"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> but now how do i include the administrator user ?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> regards
>>>>>>>>>>>>>>>> António
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Resources:
>>>>>>>>>>>>>>> - http://web2py.com
>>>>>>>>>>>>>>> - http://web2py.com/book (Documentation)
>>>>>>>>>>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>>>>>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>>>>>> Google Groups "web2py-users" group.
>>>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails
>>>>>>>>>>>>>>> from it, send an email to [email protected].
>>>>>>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>>>>>>> https://groups.google.com/d/msgid/web2py/5fe99103-1d14-4b91-80eb-194402c08453n%40googlegroups.com
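
An added Python 3 example, not code from the thread: the decision that the quoted `_two_factor_required` function describes (exempt trusted networks and users with an unexpired override, require the second factor otherwise), written so that it runs outside web2py. The name `mfa_required`, its parameters and the network ranges are constructed for illustration.

```python
import datetime
import ipaddress

# Constructed sample networks (not from the thread). The last entry has host
# bits set, like "9.9.9.101/24" in the quoted code; strict=False normalises it
# to 10.20.4.0/24 instead of raising ValueError.
TRUSTED_NETWORKS = [
    ipaddress.ip_network(cidr, strict=False)
    for cidr in ("10.20.0.0/22", "192.168.50.0/24", "10.20.4.101/24")
]


def mfa_required(client_ip, mfa_override=None, now=None):
    """Return True when this login must pass the second factor.

    client_ip    -- client address string as the framework reports it
    mfa_override -- datetime until which the user is exempt, or None
    now          -- current time, injectable so the check can be tested
    """
    now = now or datetime.datetime.now()

    # Time-limited exemption: honoured only while it has not expired.
    if mfa_override is not None and now <= mfa_override:
        return False

    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        # Missing or unparsable address: fail closed and require MFA.
        return True

    # Test membership per network instead of expanding every host address
    # into a list. An IPv6 client never matches an IPv4 network.
    return not any(addr in net for net in TRUSTED_NETWORKS)
```

In the setup shown in the thread, the callable assigned to `auth.settings.auth_two_factor_enabled` would return this decision, with `request.client` passed as `client_ip` and the user's `mfa_override` field as the override.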

