Weekly Report on project related to zotonic
4 views
Skip to first unread message
anant sharma
Aug 9, 2015, 3:50:43 PM8/9/15
to BEAM Community, Arjan Scherpenisse, Marc Worrell
Hello,
This week I have worked on various bugs, I have linked both my modules i.e. mod_multi_factor_authentication_via_mobilePhone, mod_multi_factor_authentication_via_email with mod_authentication. So I have added such a feature that we cannot activate both the modules together, it's like if one of the module is activated by the user than another one is automatically deactivated.
There was a major mistake in my module design of mod_multi_factor_authentication_via_mobilePhone it was like when user entered correct username and password his mobile number was checked in the database if it was not present he was asked to enter the number (but it is quite wrong approach as if someone has username and password than he can easily access the account by entering his number and getting the OTP in his mobile phone and entering it in the submit form to enter the OTP). Now if number is not present in the database user will be redirected to link saying that mobile number not present in the database and the module for multi-factor authentication is deactivated, so that he can access the account with username, password and will not be asked to enter OTP(it will be a simple login as of now, but in future what I will do is that I will make sure that user is not able to activate the module without entering his mobile number ). He can enter his mobile number in the site and than can activate the module and use it.
You can access my commit here.
I am planning to add a notification system so that when he activates the module he gets the notification, like, if his number is not present in the database than he is asked to enter it before activating the module.
Regards,
Anant
This week I have worked on various bugs, I have linked both my modules i.e. mod_multi_factor_authentication_via_mobilePhone, mod_multi_factor_authentication_via_email with mod_authentication. So I have added such a feature that we cannot activate both the modules together, it's like if one of the module is activated by the user than another one is automatically deactivated.
There was a major mistake in my module design of mod_multi_factor_authentication_via_mobilePhone it was like when user entered correct username and password his mobile number was checked in the database if it was not present he was asked to enter the number (but it is quite wrong approach as if someone has username and password than he can easily access the account by entering his number and getting the OTP in his mobile phone and entering it in the submit form to enter the OTP). Now if number is not present in the database user will be redirected to link saying that mobile number not present in the database and the module for multi-factor authentication is deactivated, so that he can access the account with username, password and will not be asked to enter OTP(it will be a simple login as of now, but in future what I will do is that I will make sure that user is not able to activate the module without entering his mobile number ). He can enter his mobile number in the site and than can activate the module and use it.
You can access my commit here.
I am planning to add a notification system so that when he activates the module he gets the notification, like, if his number is not present in the database than he is asked to enter it before activating the module.
Regards,
Anant
Reply all
Reply to author
Forward
0 new messages