Add option to require 2FA.

2025-10-26 11:27:15 +00:00 · 2020-02-23 14:44:48 -08:00 · 2020-02-23 14:44:48 -08:00 · 3725dbf908
commit 3725dbf908
parent 6cf917e607
6 changed files with 47 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -113,6 +113,7 @@ Note: To retain your settings between upgrades, copy your settings to appsetting
 * DataRetentionInDays: How long event logs and remote command logs will be kept.
 * RemoteControlSessionLimit: How many concurrent remote control sessions are allowed per organization.
 * RemoteControlRequiresAuthentication: Whether the remote control page requires authentication to establish a connection.
+* Require2FA: Require users to set up 2FA before they can use the main app.
 * AllowApiLogin: Whether to allow logging in via the API (see below).
 * TrustedCorsOrigins: For cross-origin API requests via JavaScript.  The websites listed in this array with be allowed to make requests to the API.  This does not grant authentication, which is still required on most endpoints.
 * KnownProxies: If your Nginx server is on a different machine and is forwarding requests to the Remotely server, you will need to add the IP of the Nginx server to this array.
--- a/Server/Pages/Index.cshtml.cs
+++ b/Server/Pages/Index.cshtml.cs
@ -13,16 +13,20 @@ namespace Remotely.Server.Pages
 {
    public class IndexModel : PageModel
    {
-        public IndexModel(DataService dataService, SignInManager<RemotelyUser> signInManager)
+        public IndexModel(DataService dataService, 
+            SignInManager<RemotelyUser> signInManager,
+            ApplicationConfig appConfig)
        {
            DataService = dataService;
            SignInManager = signInManager;
+            AppConfig = appConfig;
        }

        public string DefaultPrompt { get; set; }
        public List<SelectListItem> DeviceGroups { get; set; } = new List<SelectListItem>();
        private DataService DataService { get; }
        private SignInManager<RemotelyUser> SignInManager { get; }
+        private ApplicationConfig AppConfig { get; }

        public async Task<IActionResult> OnGet()
        {
@ -34,6 +38,12 @@ namespace Remotely.Server.Pages
                    await SignInManager.SignOutAsync();
                    return RedirectToPage();
                }
+
+                if (AppConfig.RequireMFA && !user.TwoFactorEnabled)
+                {
+                    return RedirectToPage("TwoFactorRequired");
+                }
+
                DefaultPrompt = DataService.GetDefaultPrompt(User.Identity.Name);
                var groups = DataService.GetDeviceGroupsForUserName(User.Identity.Name);
                if (groups?.Any() == true)
--- a/Server/Pages/TwoFactorRequired.cshtml
+++ b/Server/Pages/TwoFactorRequired.cshtml
@ -0,0 +1,15 @@
+@page
+@model Remotely.Server.TwoFactorRequiredModel
+@{
+    ViewData["Title"] = "TwoFactorRequired";
+}
+
+<h3>Two-Factor Authentication Required</h3>
+
+<hr />
+<div class="row">
+    <div class="col-sm-12">
+        <h5>Two-factor authentication is required.  Click the button below to set up your authenticator app.</h5>
+        <a asp-area="Identity" asp-page="/Account/Manage/TwoFactorAuthentication" class="btn btn-primary">Enable 2FA</a>
+    </div>
+</div>
--- a/Server/Pages/TwoFactorRequired.cshtml.cs
+++ b/Server/Pages/TwoFactorRequired.cshtml.cs
@ -0,0 +1,17 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace Remotely.Server
+{
+    public class TwoFactorRequiredModel : PageModel
+    {
+        public void OnGet()
+        {
+
+        }
+    }
+}
--- a/Server/Services/ApplicationConfig.cs
+++ b/Server/Services/ApplicationConfig.cs
@ -25,6 +25,7 @@ namespace Remotely.Server.Services
        public bool RedirectToHttps => bool.Parse(Config["ApplicationOptions:RedirectToHttps"]);
        public bool RemoteControlRequiresAuthentication => bool.Parse(Config["ApplicationOptions:RemoteControlRequiresAuthentication"]);
        public double RemoteControlSessionLimit => double.Parse(Config["ApplicationOptions:RemoteControlSessionLimit"]);
+        public bool Require2FA => bool.Parse(Config["ApplicationOptions:Require2FA"]);
        public string SmtpDisplayName => Config["ApplicationOptions:SmtpDisplayName"];
        public string SmtpEmail => Config["ApplicationOptions:SmtpEmail"];
        public bool SmtpEnableSsl => bool.Parse(Config["ApplicationOptions:SmtpEnableSsl"]);
--- a/Server/appsettings.json
+++ b/Server/appsettings.json
@ -20,7 +20,8 @@
    "RecordRemoteControlSessions": false,
    "RedirectToHttps": false,
    "RemoteControlSessionLimit": 1,
-    "RemoteControlRequiresAuthentication":  true,
+    "RemoteControlRequiresAuthentication": true,
+    "Require2FA":  false,
    "SmtpHost": "",
    "SmtpPort": 25,
    "SmtpUserName": "",