Two Factor Authentication via SMS/WhatsApp

I was wondering if there is an NextCloud App available or perhaps work-in-progress to implement “2FA” via SMS or WhatsApp?

Cheers to all

SMS is already possible:

Thanks @tflidd for the info. I will try it on our SMS/WhatsApp gateway.
I think I missed it in my search… thanks again.

Are there any SMS apps which use global providers such as plivo, twilio, nexmo or signalwire? I’m looking at developing an app which uses those providers. Any thoughts?

What you are looking for is https://github.com/nextcloud/twofactor_gateway. See https://github.com/nextcloud/twofactor_gateway/pulls?q=is%3Apr+is%3Aclosed for how easy it is to add new providers.

I’m not sure what I should be looking at. Are you referring to this link?: https://github.com/nextcloud/twofactor_gateway/pull/346

If I understand correctly, as I’m new to nextcloud, is that I can add a provider to the existing code and use a pull request to get it merged into that particular app?

After browsing around, it seems for each gateway, I need to provide 2 classes: regular class and config class. Is this correct?

Here are the steps I took:

  1. Cloned/forked your repository to my account
  2. Git clone onto my webserver inside the apps directory
  3. sudo -u www-data ../occ twofactorauth:gateway:configure sms and selected clicksend
  4. Random values for the 2 questions is asked

How do I test this setup? I’m looking to add the Plivo service to the code.

Personal Security Settings

Yep, that should do it :slight_smile:

Have you checked the other pull requests? You’ll have to add the code for this new provider. Then it will be selectable in the configure command.

My time is limited right now, so I can not give you all the support on this. How experienced are you with development in general and php specifically?

I’m new to pull requests and nextcloud. Not new to PHP development. I read over the code and can figure out where to put my code. I just need direction specific to:

  1. Get the admin screen working ( i believe some of the javascript is not present)
  2. Enable it so my login screen requests 2FA
  3. I can add in the needed code and test the SMS on Plivo (i’ve done this part before).

In general, if I’m given direction, I can find my path. Also, if there is someone else whom I can work with, please advise. I understand your time is limited.

That Plivo thing will show up as a SMS gateway if I understand correctly. So once you added the code and ran occ twofactorauth:gateway:configure sms you should be able to set up the second factor in the user settings.
The rest will show up automatically (like the login screen dialog).

For people to collaborate with check the authors of the other PRs. Some of them are active on Github. Just open your pull request once you have some basics done, then mention them for feedback and hope for the best :slight_smile:

For Github and pull requests I usually recommend the official Github docs as they are quite good: https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests

Cheers

Okay, I’ll reach out to others. One point I don’t think I made clear. I have configured the app, yet the user settings don’t have options like it does on the app page: https://raw.githubusercontent.com/ChristophWurst/twofactor_gateway/3f895bc997c1a3a38c9bae16ccae8bd499af864e/screenshots/settings.png

Which is why I think I’m missing some javascript. Maybe I need to build those files?

I finished my updates. Should I submit a PR to the nextcloud repo or another developer’s?

For later reference the PR is at https://github.com/nextcloud/twofactor_gateway/pull/352 :slight_smile: