Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78511

Authentication: MFA - SMS factor

XMLWordPrintable

    • MOODLE_403_STABLE
    • MOODLE_404_STABLE
    • MDL-78511-master2
    • Hide

      When it comes to testing, this resource for testing SMS sending in AWS will likely come in handy: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html

      Prerequisites

      To test this issue you'll need a Moodle that you have admin access to.

      You will need a resource for testing SMS sending in AWS.

      Having an admin account makes it easier to move through all of the test settings.
      If you don't have cli access to the instance make sure you have access to two separate admin accounts. As part of the testing will lock out a user.

      Setup

      More detailed setup instructions for MFA testing can be found inĀ MDL-78509, the following setup are just the basics and there is some assumed knowledge.

      Third party librariesĀ 

      1. Apply the patch and upgrade
      2. Login as admin.
      3. Navigate to: Site administration > plugins > administration tools > Multi-factor authentication
      4. Enable the "MFA plugin enabled" Checkbox

      Set up your SMS Sandbox

      1. Access to https://signin.aws.amazon.com with your credentials.
      2. From your AWS Console go to Amazon SNS / Mobile / Text messaging(SMS) and enable it.
      3. Include some "Sandbox destination phone numbers"
      4. From Security credentials: create a new Access keys for this and save the "Key", "Secret" and Region for the configuration in Moodle.Ā 

      More information about SMS sandbox can be foundĀ 

      Test third party libraries

      1. As admin, go to "Site administration" / "Development" / "Third party libraries
      2. Verify that the library "AWS SDK for PHP" exist.Ā 
      3. Verify that the library "JMESPath" exist.Ā 

      Test Mobile phone SMS Authentication:

      1. Access to your Moodle as admin user.
      2. Go to "Admin tools" / "Multi-factor authentication" / "Mobile phone SMS"
      3. Enable the factor and include the AWS credentials created before
      4. Access to your user preferences / "Multi-factor authentication preferences"
      5. Set up "Mobile phone SMS" factor with a test phone number.
      6. Check you have received an SMS in your phone number
      7. Enter the code you received and continue.Ā 
      8. Open another browser and access to Moodle with your userĀ 
      9. Enter your username and password,Ā 
      10. Check a new screen will be display where it will ask for the Mobile phone SMS
      11. Check you have received an SMS in your mobile.Ā 
      12. Enter the code in the box and click on verify code
      13. Check you have been login successfully and you have access to Moodle.

      Ā 

      NOTE:Ā If you mess things up and locked yourself out, you can disable the whole MFA plugin from the CLI:

      php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0

      Note2: Reset user authentication factors

      1. Access to your Moodle as admin user
      2. Go to "Plugins" / Multi-factor authentication / Reset user authentication factors
      3. Search by one user with authentication factors
      4. Click on button "Reset user factor"

      PHP Unit testsĀ 

      Please run PHPUnit forĀ admin/tool/mfa/factor/sms/tests/factor_test.php

      for the MDK can use the below command:

      mdk phpunit -r -u admin/tool/mfa/factor/sms/tests/factor_test.php

      Or

      vendor/bin/phpunit admin/tool/mfa/factor/sms/tests/factor_test.php

      Ā 

      Show
      When it comes to testing, this resource for testing SMS sending in AWS will likely come in handy: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html Prerequisites To test this issue you'll need a Moodle that you have admin access to. You will need a resource for testing SMS sending in AWS. Having an admin account makes it easier to move through all of the test settings. If you don't have cli access to the instance make sure you have access to two separate admin accounts. As part of the testing will lock out a user. Setup More detailed setup instructions for MFA testing can be found inĀ  MDL-78509 , the following setup are just the basics and there is some assumed knowledge. Third party librariesĀ  Apply the patch and upgrade Login as admin. Navigate to: Site administration > plugins > administration tools > Multi-factor authentication Enable the "MFA plugin enabled" Checkbox Set up your SMS Sandbox Access to https://signin.aws.amazon.com with your credentials. From your AWS Console go to Amazon SNS / Mobile / Text messaging(SMS) and enable it. Include some "Sandbox destination phone numbers" From Security credentials: create a new Access keys for this and save the "Key", "Secret" and Region for the configuration in Moodle.Ā  More information about SMS sandbox can be foundĀ  https://aws.amazon.com/blogs/compute/introducing-the-sms-sandbox-for-amazon-sns/ https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-verifying-phone-numbers.html https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html Test third party libraries As admin, go to "Site administration" / "Development" / "Third party libraries Verify that the library "AWS SDK for PHP" exist.Ā  Verify that the library "JMESPath" exist.Ā  Test Mobile phone SMS Authentication: Access to your Moodle as admin user. Go to "Admin tools" / "Multi-factor authentication" / "Mobile phone SMS" Enable the factor and include the AWS credentials created before Access to your user preferences / "Multi-factor authentication preferences" Set up "Mobile phone SMS" factor with a test phone number. Check you have received an SMS in your phone number Enter the code you received and continue.Ā  Open another browser and access to Moodle with your userĀ  Enter your username and password,Ā  Check a new screen will be display where it will ask for the Mobile phone SMS Check you have received an SMS in your mobile.Ā  Enter the code in the box and click on verify code Check you have been login successfully and you have access to Moodle. Ā  NOTE : Ā If you mess things up and locked yourself out, you can disable the whole MFA plugin from the CLI : php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0 Note2: Reset user authentication factors Access to your Moodle as admin user Go to "Plugins" / Multi-factor authentication / Reset user authentication factors Search by one user with authentication factors Click on button "Reset user factor" PHP Unit testsĀ  Please run PHPUnit forĀ  admin/tool/mfa/factor/sms/tests/factor_test.php for the MDK can use the below command: mdk phpunit -r -u admin/tool/mfa/factor/sms/tests/factor_test.php Or vendor/bin/phpunit admin/tool/mfa/factor/sms/tests/factor_test.php Ā 
    • 10
    • Team Hedgehog 2023 Sprint 3.1, Team Hedgehog 2023 Sprint 3.2, Team Hedgehog 2023 Sprint 4.1, Team Hedgehog 2023 Sprint 4.2, Team Hedgehog 2023 Sprint 4.3

      Add the SMS factor from tool_mfa into Moodle LMS.

      Currently this factor relies on: local_aws to provide the libraries to talk to the AWS API. It is a thin wrapper around the AWS PHP library with some sugar provided by Guzzle to make a couple of things easier.

      We now have Guzzle in core so we can use this.

      Part of the work will be including the AWS API library into core as a third part lib, so it can be used other places in the future.

      It will also refactoring the SMS factor to not require local_aws as a dependency.

        1. MDL-78511_SMS_disabled.png
          MDL-78511_SMS_disabled.png
          63 kB
        2. MDL-78511_SMS_Form_.png
          MDL-78511_SMS_Form_.png
          68 kB
        3. MDL-78511_SMS_Form_error_disabled.png
          MDL-78511_SMS_Form_error_disabled.png
          74 kB
        4. MDL-78511_SMS_try_another_factor_button.png
          MDL-78511_SMS_try_another_factor_button.png
          58 kB
        5. MFA sms authentication setup 18.png
          MFA sms authentication setup 18.png
          91 kB
        6. MFA sms authentication setup 19.png
          MFA sms authentication setup 19.png
          80 kB
        7. MFA sms authentication setup 20.png
          MFA sms authentication setup 20.png
          77 kB
        8. MFA sms authentication setup 22.png
          MFA sms authentication setup 22.png
          93 kB
        9. MFA sms authentication setup 27.png
          MFA sms authentication setup 27.png
          86 kB
        10. record12.webm
          6.01 MB
        11. screncast.webm
          257 kB
        12. SMS_Factor_admin_1.mp4
          9.42 MB
        13. step_10.png
          step_10.png
          159 kB
        14. step_11.png
          step_11.png
          53 kB
        15. step_5.png
          step_5.png
          135 kB
        16. step_6_11.png
          step_6_11.png
          426 kB
        17. step_7_1.png
          step_7_1.png
          70 kB
        18. step_7_2.png
          step_7_2.png
          92 kB
        19. Unsaved Image 2.png
          Unsaved Image 2.png
          75 kB

            raquel.ortega@moodle.com Raquel Ortega
            matt.porritt@moodle.com Matt Porritt
            Meirza Meirza
            Ilya Tregubov Ilya Tregubov
            Huong Nguyen Huong Nguyen
            Votes:
            0 Vote for this issue
            Watchers:
            20 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 weeks, 4 days, 4 minutes
                2w 4d 4m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.