
One Time Password Backend

   2.3  

ownCloud Tool

Score 58%

Version Control:  Link
Depends on  ownCloud 5
Downloads:  1230
Submitted:  Jun 17 2013
Updated:  Apr 13 2014

Description:

This application is distributed WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU AFFERO GENERAL PUBLIC LICENSE for more details.

One Time Password Backend can create TOTP and HOTP tokens and generate QR codes.
Based on the multiOTP library (http://www.multiotp.net/), developed by "SysCo systèmes de communication" (thanks).
Tested with "Google Authenticator" and "android Token".
Can work with Yubikey, see the documentation here: http://www.sj-vs.net/two-factor-authentication-for-owncloud-using-one-time-passwords-otp-from-yubikey/
Administrator interface to manage users' OTP.
Requires ownCloud >= 5.

If you want to help with bug fixes, enhancements or translations, you're welcome.
Just fork the GitHub project and submit your pull request.
GIT: https://github.com/loki36/user-otp

Version 2.3

Installation:
Upload the user_otp directory under the 'apps' directory of your ownCloud.
The user_otp folder should have read and write permission for the web server user (under Debian/Ubuntu: chown -R www-data:www-data user_otp).
Navigate to the 'Apps' page in Admin.
Click on 'user_otp' in the application list, then click the 'Enable' button.

Usage:
- Navigate to the 'Admin' page to set the server encryption key;
- Click 'Save';
- Navigate to the 'Personal' page to create your OTP.

- Keep an admin user working without OTP in case an OTP seed is lost.
If you did not, you can delete the user's OTP configuration in the database with the query
"delete from *PREFIX*user_otp where `user` = 'YOURUSERLOGIN'"
(replace *PREFIX* with the ownCloud table prefix, 'oc_' by default).

- Use the navigation entry "OTP users" (on the left bar, with an admin account)
to manage users' OTP.
- If you want to be able to send email to users with their OTP configuration,
your server must be correctly configured:
http://doc.owncloud.org/server/6.0/admin_manual/configuration/configuration_mail.html


Todo:
- improve the Admin interface to manage OTP user information (mass provisioning / ...)
- add a user rescue OTP code, as in the lost password process




Changelog:

V2.3 2014-04-14:
enhancement enter regular password and OTP within same field #44
enhancement admin option so that users can't disable OTP (only change it) #48
bug fix lost password link not working when OTP is enabled #47
bug fix user (including admin) can't change password with OTP+password required option #50

V2.2 2014-02-28:
enhancement page listing users with OTP for admin #40
enhancement Small changes to make this compatible with Yubikey (HOTP) #33 (thanks to Bas)
bug fix user-otp prevents creation of new ownCloud users #36
bug fix setting up user token seed fails on OC6 with PostgreSQL 9.1 #38 (thanks to rainforest1155)
bug fix two factor auth for user who does not have a two factor auth #39
bug fix Password-field behaviour for "Two Factor Authentication" is different #6
bug fix Broken path to password.svg - variable owncloud root path #32

V2.1 2014-02-02:
bug fix SQL Error using Postgresql as DB #25
bug fix Password not change! #27
owncloud 6 bug fix #28
remove windows binary from the 3rd party
bug fix personal setting error #29

V2 :
lots of bug fixes
update multiOTP lib (4.0.4)
store OTP user information in the ownCloud DB
should work with all user backends!
add two factor authentication options




License: AGPL

-
.

 error on the qrcode

 
 by emmaanuel on: Apr 6 2014
 
Score 50%

Hello,
I have this error when I create the QRCode in the personal page:

gd-png: fatal libpng error: Invalid number of colors in palette

After that, everything works, but I'm not able to see the QRCode.
Thanks for your help.


Reply to this

-

 Re: error on the qrcode

 
 by loki9236 on: Apr 6 2014
 
Score 50%

Hi,

First step: check that your web server user can read the folder user_otp/3rdparty/multiotp/qrcode and its subdirectories.

And I need your PHP version.


Reply to this

-

 Re: Re: error on the qrcode

 
 by emmaanuel on: Apr 6 2014
 
Score 50%

Yes, the web user has write permission to this folder. I can see a lot of .dat files inside.

My php version is :
PHP 5.3.10-1ubuntu3.10 with Suhosin-Patch (cli) (built: Feb 28 2014 23:14:25)


Reply to this

-

 Re: error on the qrcode

 
 by loki9236 on: Apr 7 2014
 
Score 50%

I've opened a bug on GitHub.
Can you check whether all PNG files in user_otp/3rdparty/multiotp/qrcode/image are correct?

And do you have other information on the error?


Reply to this

-

 no OTP field

 
 by My1 on: Apr 21 2014
 
Score 50%

Already read all the pages and tried the AcceptPathInfo On and cgi.fix_pathinfo=1 parts (right now both are enabled).

But a Firebug inspection turned up an interesting point.
Translated, the error means about the following:
Content Security Policy: the settings of the page have blocked loading a resource: an attempt to execute inline scripts was blocked.


Reply to this

-

 Re: no OTP field

 
 by loki9236 on: Apr 22 2014
 
Score 50%

Hi

Interesting.
Have you set "custom_csp_policy" in your config.php file?


Reply to this

-

 Re: Re: no OTP field

 
 by My1 on: Apr 22 2014
 
Score 50%

Never set it that way and it doesn't look like it. Here's my file:

<?php
$CONFIG = array (
'instanceid' => '',//censored
'passwordsalt' => '',//censored
'trusted_domains' =>
array ( 1 => '' //censored
),
'datadirectory' => '',//censored
'dbtype' => 'mysql',
'version' => '6.0.2.2',
'dbname' => '',//censored
'dbhost' => '',//censored
'dbtableprefix' => '',//censored
'dbuser' => '',//censored
'dbpassword' => '',//censored
'installed' => true,
'loglevel' => '3',
);


Reply to this

-

 Re: no OTP field

 
 by loki9236 on: Apr 22 2014
 
Score 50%

OK, just as a test, can you
change the setting security.csp.enable to "false" in Firefox
and test whether the OTP field is shown?
And which version of ownCloud?


Reply to this

-

 Re: Re: no OTP field

 
 by My1 on: Apr 22 2014
 
Score 50%

OC is, as you can see in the config, 6.0.2.2.

Also the FF (28.0) setting didn't help.

Chrome 34, same result.


Reply to this

-
.

 Re: Re: Re: no OTP field

 
 by My1 on: Apr 22 2014
 
Score 50%

I thought, coz I deleted and changed some things in PHP, css and images, that maybe a clean installation could help, but well, no...


Reply to this

-

 Re: no OTP field

 
 by loki9236 on: Apr 22 2014
 
Score 50%

I will make some checks tonight (I can't just now).

But if you want, you can test this:
in the file user_otp/appinfo/app.php

edit line 58
if (OCP\Config::getAppValue('user_otp','authMethod',_AUTH_DEFAULT_) === _AUTH_TWOFACTOR_ && OCP\Config::getAppValue('user_otp','inputOtpAfterPassword','0')==='0') {

replace by

if (OCP\Config::getAppValue('user_otp','authMethod',_AUTH_DEFAULT_) === _AUTH_TWOFACTOR_ ) {

and delete lines 67 to 84

<!--
<script type="text/javascript">
$(document).ready(function(){

//$('#expanddiv li:last-child').append('toto');
var items = document.querySelectorAll("#expanddiv li");
var users = items[items.length-4];
//alert(users);
//users.append('toto');
var elm = users; //document.getElementById("name");
var newElm = document.createElement("li");
newElm.innerHTML = "<a href='"+<?php echo \OCP\Util::linkToRoute('user_otp_list_users') ?> +"'>OTP Users</a>";
//alert(document.location.href);
elm.parentNode.insertBefore(newElm, elm.nextSibling);

});
</script>
-->


Reply to this

-
.

 Re: Re: no OTP field

 
 by My1 on: Apr 22 2014
 
Score 50%

The first one is enough; anyway the 2nd was commented out, so well...

also in your CSS:

#otpPassword + label + img {
left: 1.25em;
opacity: 0.3;
position: absolute;
top: 1.65em;
}

'-> top -> change to 1.1em, then it's properly aligned...


Reply to this

-

 Re: Re: Re: no OTP field

 
 by loki9236 on: Apr 22 2014
 
Score 50%

Cool.

Thanks for your tests.

I will make a bug fix quickly.


Reply to this

-

 Re: Re: Re: no OTP field

 
 by My1 on: Apr 22 2014
 
Score 50%

Also, is there a way to stop browsers trying to "remember" the OTP but only the "real" password???

Also it would be nice to be able to set an own "accuracy", meaning that I can set how many codes are checked. In my case I'd only need the code right now + 2 before and after each... (TOTP), and in the case of HOTP that I'd be able not to check a hundred codes but maybe only 50 or so (don't know the defaults...).


Reply to this

-
.

 password for App and Webdav

 
 by My1 on: 2 days ago
 
Score 50%

I also have a feature request:

Like many other services that also have 2FA (e.g. Google), they don't disable OTP for them but rather let the user generate application passwords (long, more secure passwords, which will be used instead; because they usually only need to be entered once, they are usually shown only one time...).

Is there some way to include that?


Reply to this

-

 Re: password for App and Webdav

 Fresh
 by loki9236 on: 12 hours ago
 
Score 50%

For this use case you should set a strong password for your user in ownCloud,
set the OTP config to "OTP only" or "OTP or password",
enable the OTP PIN code (it can be alphanumeric and of length 16),
and input your PIN followed by the OTP.


Reply to this

-

 Re: Re: password for App and Webdav

 Fresh
 by My1 on: 12 hours ago
 
Score 50%

Well, that would also be a way, but not so nice.
Some points:
1st, with separate application passwords you'd have one for each and can revoke every one without disturbing other apps and whatnot.
2nd, you wouldn't have to note down your app-pw since it is only used once. With your solution I'd always have to have it ready when I needed it...
3rd, with different app-passwords you can also avoid using your PWs too often.

Memo: this is NOT ranting, and no personal attack, just wanna recommend nice features...


Reply to this

-

 ERROR: The time based token has already been used

 Fresh
 by redbeard01 on: 1 day ago
 
Score 50%

Hello,

I am trying to get Google Authenticator working with ownCloud 6.0.2. I was able to create the barcode, etc. However, when I try to log in, I get "ERROR: The time based token has already been used." This persists no matter how many times I try. The times on the server, and my phone, are correct and in sync. I have tried multiple combinations of settings in the admin interface, including all three authentication methods listed there (OTP only, PW+OTP, PW or OTP).

This is a new, pristine install on ubuntu 12.04 lts, without any other apps. Is it possible I am missing a dependency? Any suggestions would be greatly appreciated.


Reply to this
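
Added example (not part of the original thread, and not multiOTP's or user_otp's code): a minimal TOTP verifier in Python covering the two points raised above, a configurable acceptance window (the "accuracy" request) and the rule that produces an "already been used" result, namely refusing any time step at or below the last one accepted. The class name, the return strings and the `window` parameter are assumptions made for illustration; the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Hypothetical verifier: accepts steps now-window..now+window and
    refuses any step at or below the last one it already accepted."""

    def __init__(self, secret: bytes, window: int = 2):
        self.secret = secret
        self.window = window
        self.last_step = -1  # highest time step consumed so far

    def verify(self, code: str, now: int) -> str:
        current = now // STEP
        first = max(0, current - self.window)
        for step in range(first, current + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, step), code):
                if step <= self.last_step:
                    return "already-used"  # replay of a consumed step
                self.last_step = step
                return "ok"
        return "invalid"


def demo() -> list:
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real seed
    v = TotpVerifier(secret, window=2)
    now = 150  # constructed clock value: time step 5
    return [
        v.verify(hotp(secret, 5), now),      # current step, first use
        v.verify(hotp(secret, 5), now + 5),  # same code again
        v.verify(hotp(secret, 2), now + 5),  # three steps old, outside window
        v.verify(hotp(secret, 4), now + 5),  # in window, but older than step 5
        v.verify(hotp(secret, 6), now + 5),  # phone clock one step ahead
    ]
```

A narrower window shrinks the set of codes that are valid at any moment, and the last-step check means each accepted code, and every older code still inside the window, can be used only once.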


Copyright 2011-2014 apps.ownCloud.com Team  
All rights reserved. apps.ownCloud.com is not liable for any content or goods on this site.
All contributors are responsible for the lawfulness of their uploads.