breakfix: Cannot add mfa registration using authy #247

Open
ebigaignon opened this issue Jul 20, 2023 · 3 comments

ebigaignon commented Jul 20, 2023

Hello,
Thank you for this security module that is a real blessing, as I finally can try to access my media server from outside my home.
I am trying to add MFA registration using Authy. When I click on Add after entering the passcode, nothing happens.

Configuration

Paste full Caddyfile below:
```
{
    # http_port 8080
    # https_port 8443
    debug

    security {
        local identity store localdb {
            realm local
            path {env.HOME}/.local/caddy/users.json
        }
        authentication portal myportal {
            crypto default token lifetime 14400
            crypto key sign-verify {env.AUTHP_SHARED_KEY}
            enable identity store localdb
            cookie domain ...
            ui {
                links {
                    "Jellyfin" https://.../jellyfin/ icon "las la-star"
                    "Admins" https://.../admins icon "las la-star"
                    "Users" https://.../users icon "las la-star"
                    "My App" https://.../myapp/
                    "My Identity" "/whoami" icon "las la-user"
                }
            }
            transform user {
                match origin local
                match realm local
                require mfa
                action add role authp/user
                ui link "Portal Settings" /settings icon "las la-cog"
            }
        }
        authorization policy users_policy {
            set auth url https://.../auth/
            allow roles authp/admin authp/user
            crypto key verify {env.AUTHP_SHARED_KEY}
        }
        authorization policy admins_policy {
            set auth url https://.../admins/
            allow roles authp/admin
            crypto key verify {env.AUTHP_SHARED_KEY}
        }
    }
}

(tls_config) {
    tls {
        dns gandi {env.GANDI_API_TOKEN}
    }
}

... {
    import tls_config
    route /auth/* {
        authenticate with myportal
    }
    route /jellyfin/* {
        authorize with users_policy
        reverse_proxy 127.0.0.1:8096
    }
    route /admins* {
        authorize with admins_policy
        respond * "admins" 200
    }
    route /myapp* {
        respond * "myapp" 200
    }
    route {
        authenticate with myportal
    }
    log {
        output file /var/log/caddy/kadeki-portal.log {
            roll_size 10MiB
            roll_keep 10
            roll_keep_for 2160h
        }
    }
}
```

Version Information

Provide output of caddy list-modules -versions | grep git below:

```
caddy v2.6.4
dns.providers.gandi v1.0.2
http.authentication.providers.authorizer v1.1.19
http.handlers.authenticator v1.1.19
security v1.1.19
```

Expected behavior

The application should log me in as it does without mfa, and create a new Authy authenticator token.

Additional context

Authy works well with other apps.

@ebigaignon ebigaignon changed the title breakfix: CHANGE_ME breakfix: Cannot add mfa registration using authy Jul 22, 2023
Owner

greenpau commented Dec 2, 2023

@ebigaignon , do you still need help with this?

@greenpau greenpau added question Further information is requested mfa pending user response and removed need triage labels Dec 2, 2023
@ebigaignon
Author

@greenpau Thanks for asking.
While trying to configure registration, I added an email provider, and then MFA started working as well.
One issue about registration is that when a user tries to register, and the registration policy enforces password requirements, the registration form never accepts any password, even if it meets the policy requirements. It keeps displaying a message about the password not meeting the requirements.
The same password is accepted on the login page with the same policy requirements. Let me know if I need to open a different issue.
Enrico

Owner

greenpau commented Dec 4, 2023

> One issue about registration is that when a user tries to register, and the registration policy enforces password requirements, the registration form never accepts any password, even if it meets the policy requirements. It keeps displaying a message about the password not meeting the requirements.

@ebigaignon , I will look into it.
