In the Settings table, fill in the code that generates the secret and the code that sends it, set the resend time and the lifetime, and enable the check.
Code generating the secret. The generated string will be passed to the sending code in the variable $#secret and recorded in the database for subsequent verification.
For example:
=: strRandom(length: 4; numbers: "true"; letters: "false"; symbols: "false")
Code for sending the secret generated by the previous code. The code receives two variables:
$#secret — returns the string from the secret code.
$#userId — returns the user id (available in both codes).
You can use any action code capabilities: h_pro_auth_message is executed as an action code.
For example, you can call getFromScript to send an SMS to the user's number or send the code via a bot in Telegram.
For example:
a1=: notificationSend(users: $#userId; title: "Login Code"; eml: str`"Your secret code: " ++ $#secret`)
a2=: str`"Code <b>sent</b> to your email"`
The string returned by this code will be displayed above the code input window.
Resend time in seconds — the wait time before the next sending is possible.
Lifetime of the generated code in minutes — if the correct code is entered outside this time, it will not work.
If the number of secret requests during the lockout period exceeds the limit, the user will be blocked and redirected to the authorization page.
Enable/disable.
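How the resend time, lifetime and request limit interact, as an added Python model that is not Totum's own code. The class and method names and the request_limit and lockout_seconds parameters are assumptions made for illustration.

```python
import hmac
import secrets


class SecondFactorModel:
    """Toy model of the settings; names are assumptions, not Totum's code."""

    def __init__(self, resend_seconds, lifetime_minutes, request_limit, lockout_seconds):
        self.resend_seconds = resend_seconds
        self.lifetime_seconds = lifetime_minutes * 60
        self.request_limit = request_limit
        self.lockout_seconds = lockout_seconds
        self.users = {}  # user id -> {"secret", "issued", "requests"}

    def request_secret(self, user_id, now):
        """Return (status, secret); status is 'sent', 'wait' or 'blocked'."""
        st = self.users.setdefault(
            user_id, {"secret": None, "issued": None, "requests": []})
        # Resend time: refuse a new secret until the wait has elapsed.
        if st["issued"] is not None and now - st["issued"] < self.resend_seconds:
            return "wait", None
        # Count only the requests that fall inside the lockout period.
        st["requests"] = [t for t in st["requests"] if now - t < self.lockout_seconds]
        st["requests"].append(now)
        if len(st["requests"]) > self.request_limit:
            return "blocked", None
        # Same shape as the strRandom example: 4 digits, no letters or symbols.
        st["secret"] = "".join(secrets.choice("0123456789") for _ in range(4))
        st["issued"] = now
        return "sent", st["secret"]

    def verify(self, user_id, code, now):
        """True only for the stored secret entered within its lifetime."""
        st = self.users.get(user_id)
        if st is None or st["secret"] is None:
            return False
        if now - st["issued"] > self.lifetime_seconds:
            return False  # a correct code entered too late does not work
        # Constant-time comparison of the stored and entered strings.
        return hmac.compare_digest(st["secret"].encode(), str(code).encode())


if __name__ == "__main__":
    # Constructed sample settings: 60 s resend, 5 min lifetime, 3 requests per 10 min.
    model = SecondFactorModel(60, 5, 3, 600)
    status, code = model.request_secret(user_id=1, now=0)
    print(status, model.verify(1, code, now=120), model.verify(1, code, now=301))
```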
You can disable the second-factor check for specific logins by adding a line to Conf.php with the list of those logins:
public $loginsWithoutTwoFactorAuth=["admin","another_user"];