  1. Moodle
  2. MDL-78511

Authentication: MFA - SMS factor


Details

    • MOODLE_403_STABLE
    • MOODLE_404_STABLE
    • MDL-78511-master2

      When it comes to testing, this resource for testing SMS sending in AWS will likely come in handy: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html

      Prerequisites

      To test this issue you'll need a Moodle that you have admin access to.

      You will need a resource for testing SMS sending in AWS.

      Having an admin account makes it easier to move through all of the test settings.
      If you don't have CLI access to the instance, make sure you have access to two separate admin accounts, as part of the testing will lock out a user.

      Setup

      More detailed setup instructions for MFA testing can be found in MDL-78509; the following setup steps are just the basics and assume some prior knowledge.

      Third party libraries 

      1. Apply the patch and upgrade.
      2. Log in as admin.
      3. Navigate to: Site administration > plugins > administration tools > Multi-factor authentication
      4. Enable the "MFA plugin enabled" checkbox.

      Set up your SMS Sandbox

      1. Sign in at https://signin.aws.amazon.com with your credentials.
      2. From your AWS Console go to Amazon SNS / Mobile / Text messaging (SMS) and enable it.
      3. Add some "Sandbox destination phone numbers".
      4. From Security credentials, create a new access key for this and save the "Key", "Secret" and Region for the configuration in Moodle.

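      More information about the SMS sandbox can be found at:

      https://aws.amazon.com/blogs/compute/introducing-the-sms-sandbox-for-amazon-sns/
      https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-verifying-phone-numbers.html
      https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html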
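
A least-privilege IAM policy for the access key created in step 4, as an added example that is not part of the original testing instructions. It assumes the SMS factor only needs to send text messages directly to phone numbers; the Sid values are illustrative.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowDirectSmsPublish",
      "Effect": "Allow",
      "Action": "sns:Publish",
      "Resource": "*"
    },
    {
      "Sid": "ExampleDenyPublishToTopics",
      "Effect": "Deny",
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:*:*:*"
    }
  ]
}
```

Direct SMS publishing has no resource ARN, so the Allow must use "*"; the Deny on topic ARNs keeps the key from publishing to any SNS topic in the account.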

      Test third party libraries

      1. As admin, go to "Site administration" / "Development" / "Third party libraries".
      2. Verify that the library "AWS SDK for PHP" exists.
      3. Verify that the library "JMESPath" exists.

      Test Mobile phone SMS Authentication:

      1. Access your Moodle as an admin user.
      2. Go to "Admin tools" / "Multi-factor authentication" / "Mobile phone SMS".
      3. Enable the factor and enter the AWS credentials created earlier.
      4. Go to your user preferences / "Multi-factor authentication preferences".
      5. Set up the "Mobile phone SMS" factor with a test phone number.
      6. Check that you have received an SMS on your phone number.
      7. Enter the code you received and continue.
      8. Open another browser and access Moodle with your user.
      9. Enter your username and password.
      10. Check that a new screen is displayed asking for the Mobile phone SMS.
      11. Check that you have received an SMS on your mobile.
      12. Enter the code in the box and click on verify code.
      13. Check that you have logged in successfully and have access to Moodle.

       

      NOTE: If you mess things up and lock yourself out, you can disable the whole MFA plugin from the CLI:

      php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0

      Note2: Reset user authentication factors

      1. Access your Moodle as an admin user.
      2. Go to "Plugins" / Multi-factor authentication / Reset user authentication factors.
      3. Search for a user with authentication factors.
      4. Click on the "Reset user factor" button.

      PHP Unit tests 

      Please run PHPUnit for admin/tool/mfa/factor/sms/tests/factor_test.php

      With MDK, you can use the command below:

      mdk phpunit -r -u admin/tool/mfa/factor/sms/tests/factor_test.php

      Or

      vendor/bin/phpunit admin/tool/mfa/factor/sms/tests/factor_test.php

       

    • 10
    • Team Hedgehog 2023 Sprint 3.1, Team Hedgehog 2023 Sprint 3.2, Team Hedgehog 2023 Sprint 4.1, Team Hedgehog 2023 Sprint 4.2, Team Hedgehog 2023 Sprint 4.3

    Description

      Add the SMS factor from tool_mfa into Moodle LMS.

      Currently this factor relies on local_aws to provide the libraries to talk to the AWS API. It is a thin wrapper around the AWS PHP library with some sugar provided by Guzzle to make a couple of things easier.

      We now have Guzzle in core so we can use this.

      Part of the work will be including the AWS API library into core as a third-party lib, so it can be used in other places in the future.

      It will also involve refactoring the SMS factor to not require local_aws as a dependency.


            People

              raquel.ortega@moodle.com Raquel Ortega
              matt.porritt@moodle.com Matt Porritt
              Meirza Meirza
              Ilya Tregubov Ilya Tregubov
              Huong Nguyen Huong Nguyen

                Time Tracking

                  Original Estimate: 0 minutes
                  Remaining Estimate: 0 minutes
                  Time Spent: 2 weeks, 4 days, 4 minutes
