mirror of
https://github.com/nextcloud/twofactor_gateway.git
synced 2026-04-25 17:15:53 +03:00
[GH-ISSUE #374] Add support for XMPP #83
Originally created by @piti-diablotin on GitHub (Aug 26, 2020).
Original GitHub issue: https://github.com/nextcloud/twofactor_gateway/issues/374
Hi,
I was thinking, would it be convenient to add an XMPP gateway? I'm ok to work on this if there is a need.
It would be an alternative to telegram/sms, can be totally free if the admin has a hosted xmpp server (ejabberd/prosody/openfire)
The only question to @ChristophWurst is what XMPP library I should use. I'm afraid of conflicts like the last time with OVH 🤣
Cheers
@ChristophWurst commented on GitHub (Aug 26, 2020):
My concern with this is that it's not as trivial to send an XMPP message as it is to send a text message via a REST gateway. Do you have experience with working with XMPP?
@piti-diablotin commented on GitHub (Aug 26, 2020):
Well that's the purpose of using an xmpp library.
Either the connection is made with the direct REST XML API or using the HTTP BOSH alternative, the library manages it (or should)
Using a library simplifies the use with just
It is as simple as this. I wrote a small bot once but it was in python with python-xmpp
How I see image things:
Create a bot login on the xmpp server which can send messages to everyone.
Configure NC_TOTP with
Each user would need to enter their own JID in the TOTP settings (new category)
Test the connection as for the others.
Send TOTP via XMPP
@ChristophWurst commented on GitHub (Aug 26, 2020):
Feel free to experiment with this. I have my doubts about this claimed simplicity. We have to be careful with what to put into the user settings. They are quite specific to messaging gateways.
@dora71 commented on GitHub (Dec 31, 2022):
Any news about that? Would like to see it in Nextcloud. I can also test.
I think lots of others would also like it. There has already been an issue about that some time ago.
See #96
@dora71 commented on GitHub (Dec 31, 2022):
I think there can be (at least for prosody xmpp server) a relatively simple solution, if mod_rest is enabled. See: https://modules.prosody.im/mod_rest
With this, it should be quite similar to the bot-approach of Telegram.
It seems there is also a mod_res available for ejabberd, as mentioned here: https://docs.ejabberd.im/developer/ejabberd-api/
Hope this is worth a try. Would really appreciate it as an alternative to the "big players".
For prosody, I can give you a working example:
Admin will have to provide:
User will have to provide:
That's it ... a resulting curl call should be like this (with above example)
curl -u sender:password -H 'Content-Type: text/plain' --data-binary '2FA-Code' https://example.com/rest/message/chat/johndoe@example.com
@ChristophWurst: Would that be a simpler approach to integrate xmpp as a 2FA provider?
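An added example, not part of the original thread or of the twofactor_gateway code: a shell wrapper for the mod_rest call in the comment above that rejects recipient JIDs which could alter the URL path, refuses non-HTTPS endpoints, and keeps the sender password and the code out of the curl arguments. The function names and the use of a netrc file are assumptions.

```shell
#!/bin/sh
# Added example: hardened wrapper around the mod_rest call quoted in the thread.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below ASCII-only

# Accept only a bare JID (local@domain) from a conservative character set.
is_bare_jid() {
    case "$1" in
        *[!A-Za-z0-9._@-]*) return 1 ;;  # slash, query, percent, space, ...
        *@*@*)              return 1 ;;  # more than one "@"
        @*|*@|"")           return 1 ;;  # empty local part or domain
        *@*)                return 0 ;;
        *)                  return 1 ;;  # no "@" at all
    esac
}

# Print the message URL, or fail if the endpoint or recipient is unacceptable.
build_url() {
    case "$1" in
        https://?*) ;;
        *) echo "base URL must use https" >&2; return 1 ;;
    esac
    is_bare_jid "$2" || { echo "invalid recipient JID" >&2; return 1; }
    printf '%s/rest/message/chat/%s\n' "${1%/}" "$2"
}

# send_code BASE_URL RECIPIENT_JID CODE NETRC_FILE
# Credentials come from the netrc file and the code from stdin, so neither
# appears in the process list.
send_code() {
    url=$(build_url "$1" "$2") || return 1
    printf '%s' "$3" | curl --silent --show-error --fail \
        --proto '=https' --max-time 10 --netrc-file "$4" \
        -H 'Content-Type: text/plain' --data-binary @- "$url"
}

# Constructed sample values; nothing is sent here.
build_url https://example.com johndoe@example.com
build_url https://example.com 'johndoe@example.com/../admin' || true
```

The netrc file holds one line of the form `machine example.com login sender password <secret>` and should be readable only by the account that runs the gateway.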
@poVoq commented on GitHub (Dec 31, 2022):
There is a XEP for that: https://xmpp.org/extensions/xep-0070.html
A nice example implementation would be here: https://gitlab.com/jnanar/HTTPAuthentificationOverXMPP
@piti-diablotin commented on GitHub (Jan 3, 2023):
Sorry I did not work on that because I thought my situation was not appropriate: my xmpp account and NC account use the same backend, therefore if one gets my username+password for NC, accesses the TOTP option, then they can also log in to my xmpp access and I think this is not secure although it would be convenient.
@dora71 commented on GitHub (Jan 24, 2023):
@piti-diablotin Think big! You could add an xmpp user account especially for sending you your second factor and you can also change the recipient if you consider this more secure.
I am still interested in adding xmpp to the possibilities. I also would contribute code, but I am a programming newbie (in concern of knowledge, I am into it for quite a while now).
@ChristophWurst Is there a documentation for developers of this plugin, 'cause right now, I am not sure what is a good point to start with and what files I have to take into account.
@ChristophWurst commented on GitHub (Jan 30, 2023):
No but you can look at the closed PRs and see the other implementations as reference.
@dora71 commented on GitHub (Feb 15, 2023):
OK, that is what I did right now. Also took the Telegram part as orientation. I successfully implemented the admin section (occ configuration). I also can successfully test the xmpp gateway via occ twofactorauth:gateway:test
But where do I find the code to edit the user settings part? (where user has to enter the receiving JID, or for Telegram, the chat number)? Until now, the XMPP Gateway shows up in Security settings, but the rest is missing (as I can't find it). Any hints welcome.
@Neustradamus commented on GitHub (Jan 10, 2024):
It will be nice to have...
@dora71 commented on GitHub (Jan 11, 2024):
@Neustradamus as you can see above, my pull request has been merged so there is support for XMPP right now.
Only thing you need is an XMPP server which has some kind of HTTP API (tested with prosody that has either mod_rest or mod_post_msg enabled), but that is only needed for the XMPP Account which sends the 2FA. Reception works on every XMPP server.
What is still missing is that you can use any XMPP Server you like for sending the 2FA. Therefore, there must be an implementation of an xmpp library somehow.
Feel free to study the fork at: https://github.com/dora71/twofactor_gateway