Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable or hide the MFA link in the nav bar if MFA isn't enabled #407

Open
dantownsend opened this issue Sep 9, 2024 · 4 comments
Open
Labels
enhancement New feature or request mfa Multi-factor Authentication

Comments

@dantownsend
Copy link
Member

dantownsend commented Sep 9, 2024

I'm not sure how best to do this at the moment, but it would be good to hide the MFA link in the nav bar, if no MFA providers are configured.

Related to #405

@dantownsend dantownsend added the enhancement New feature or request label Sep 9, 2024
@dantownsend dantownsend added the mfa Multi-factor Authentication label Sep 9, 2024
@sinisaos
Copy link
Member

sinisaos commented Sep 9, 2024

@dantownsend I don't know if this is a good approach, but in my opinion this is the simplest way to add an MFA status for the enable/disable link in the navbar. Branch is here

@dantownsend
Copy link
Member Author

@sinisaos It's a good idea.

I thought about adding an attribute to the /api/user/ endpoint, but that felt like a hack.

We can't reuse the meta endpoint, because that's public, and we don't want to disclose whether MFA is enabled publicly.

I see you created an endpoint like this:

   def get_mfa_status(self) -> JSONResponse:
        """
        Returns the status of MFA providers.
        """
        return JSONResponse(
            {"mfa_enabled": True if self.mfa_providers else False}
        )

Which I think is good. I'm just weighing up if it's worth doing this:

   def get_mfa_providers(self) -> JSONResponse:
        """
        Returns the names of MFA providers.
        """
        return JSONResponse(
            [{"name": provider.name} for provider in providers]
        )

And we mount it as /api/mfa, so we have the foundations of some Restful endpoints, which we can build upon in the future if needed.

What do you think?

And then in the Vue code, we make sure that the length of the providers is > 0.

@dantownsend
Copy link
Member Author

Or, we always the show the link, and it links to a page which lists all of the providers. If there are no providers, we say something like 'MFA isn't currently enabled - speak to your admin to set it up'.

Just trying to think if we can 'kill two birds with one stone', and solve the problem of multiple MFA providers at the same time.

@sinisaos
Copy link
Member

sinisaos commented Sep 9, 2024

I like both of your ideas and know you will find the optimal solution. If you find something useful in the branch from the previous comment, feel free to use it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request mfa Multi-factor Authentication
Projects
Status: To do
Development

No branches or pull requests

2 participants