Page 1 of 6

[3.2][BETA] phpBB two factor authentication

Posted: Sun Oct 25, 2015 9:43 am
by Paul
Extension Name: phpBB two factor authentication
Author: Paul

Extension Description: This extension adds support for the two factor authentication in your phpBB forum.
You can set several options within this extension:
  • Disable 2FA completly (Basicly disabling the extension!)
  • Do not require 2FA, but give it as option to users
  • Require 2FA for users with a_ permissions only, and only to login for the ACP
  • Require 2FA for users with a_ permissions only
  • Require 2FA for users with a_ or m_ permissions only
  • Require 2FA for all users
Depending on the choosen setting 2FA is required at registration (If a new user is registered), or a user is directly asked after login to update his profile with his key.

This extension currently supports the following types of two factor authentication:
  • U2F (See below)
  • TOTP (For example Google authenticator)
  • Backup keys
Since version 0.0.1 this extension has been mostly rewritten. Do not use this extension on a live board yet.
This is a very first version of the extension. There are still a few things which need to be fixed. Please test this only locally.
Issues can be reported at github (See below).

Extension Version: 0.0.5

Requirements:
  • phpBB 3.2.0
  • openSSL (At least 1.0.0)
  • A secure connection (There are no specific requirements for the certificate. A self signed certicate will work as well as a extended validated certificate) if you want to use U2F
Screenshots: Coming soon

Limitations to U2F security keys
Due to limitations set by the U2F standard a secure connection is required. Currently, U2F is only supported in Google Chrome. Firefox and Edge are working on support U2F as well, once they do support it this extension will be updated.
Ofcourse the user will also need a U2F compatible security key, for example from Yubico.

This is a BETA extension, and as such not suggested to be used on a live forum.

Extension Download: https://github.com/paul999/phpbb_2fa/re ... tag/v0.0.5
Github: https://github.com/paul999/phpbb_2fa
Issues: https://github.com/paul999/phpbb_2fa/issues

Re: [DEV]phpBB two factor authentication

Posted: Sun Oct 25, 2015 9:43 am
by Paul
*reserved*

Re: [DEV]phpBB two factor authentication

Posted: Sat Oct 31, 2015 5:51 pm
by Paul
A first version of this extension can be downloaded at https://github.com/paul999/phpbb_2fa/re ... tag/v0.0.1
Please remember that this extension has a few requirements and limitations. Please make sure to read the first post

Re: [DEV]phpBB two factor authentication

Posted: Mon Dec 07, 2015 10:19 pm
by scuba323
Just installed this on my forum, and I get a 500 when I try to access the UCP menu for it.

Re: [DEV]phpBB two factor authentication

Posted: Mon Dec 07, 2015 10:33 pm
by david63
Did you miss this
Paul wrote:No Extensions within this forum should be used within a live environment!

Re: [DEV]phpBB two factor authentication

Posted: Mon Dec 07, 2015 10:36 pm
by 3Di
Or this?
Paul wrote: phpBB 3.1.7RC1 (Or this change: https://github.com/phpbb/phpbb/pull/4004 )

Re: [DEV]phpBB two factor authentication

Posted: Tue Dec 08, 2015 6:36 am
by Paul
Or in any other case, are there any errors in the apache error log?

Re: [DEV]phpBB two factor authentication

Posted: Wed Dec 09, 2015 4:30 pm
by scuba323
Paul wrote:Or in any other case, are there any errors in the apache error log?
Paste of apache log.

Re: [DEV]phpBB two factor authentication

Posted: Wed Dec 09, 2015 5:25 pm
by Paul
It seems the autoloader isn't loading the dependencies. What phpBB and php version are you using?

Re: [DEV]phpBB two factor authentication

Posted: Mon Dec 14, 2015 3:31 pm
by scuba323
Paul wrote:It seems the autoloader isn't loading the dependencies. What phpBB and php version are you using?
3.1.6

Re: [DEV]phpBB two factor authentication

Posted: Mon Dec 14, 2015 6:37 pm
by Paul
Did you read the requirements? It is clearly stated, and even quoted by 3Di afterwards that 3.1.7RC1 is required for this extension.

Re: [DEV]phpBB two factor authentication

Posted: Fri Feb 19, 2016 2:49 am
by xCanadianz
When do you plan to release this, and does it work with Google Authenticator?

Re: [DEV]phpBB two factor authentication

Posted: Fri Feb 19, 2016 7:30 am
by Paul
I am currently in the process of moving, so once that is done I will start working on my extensions again :). Currently it doesn't work with Google Authenticator, but the next release probably will.

Re: [DEV]phpBB two factor authentication

Posted: Thu Feb 25, 2016 7:44 am
by xCanadianz
Paul wrote:I am currently in the process of moving, so once that is done I will start working on my extensions again :). Currently it doesn't work with Google Authenticator, but the next release probably will.
Okay, thank you.

Re: [DEV]phpBB two factor authentication

Posted: Sat Aug 06, 2016 6:37 pm
by Paul
So, in the last few days I had finally some time to finish up rewriting most of this extension. This extension now supports the following three two factor standard:
  • U2F (See for limitions the start post)
  • TOTP (Google authenticator etc.)
  • backup keys
As this extension now uses a sort of module system, adding extra standards is pretty straight forward. There are still some issues I need to fix, and I want some stuff to be refactored, before I want to submit it to the CDB. Once it is validated for the first time, I will start adding new standards.
If you want a standard to be implemented into this extension, please create a issue at the tracker in github: https://github.com/paul999/phpbb_2fa/issues Bugs can also be reported here.

Download: https://github.com/paul999/phpbb_2fa/re ... tag/v0.0.2
Do not use this extension in production! This is a unfinished extension which might cause issues on your board!