Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-79051

Authentication: MFA - Improve email template

    XMLWordPrintable

Details

    • MOODLE_403_STABLE
    • MOODLE_403_STABLE
    • master_MDL-79051
    • Hide

      Prerequisites

      To test this issue you'll need a Moodle that you have admin access to, can update code on and that is capable of sending emails.

      Having an admin account makes it easier to move through all of the test settings.
      If you don't have cli access to the instance make sure you have access to two separate admin accounts, in case you lock yourself out.

      Setup

      More detailed setup instructions for MFA testing can be found in MDL-78509, the following setup are just the basics and there is some assumed knowledge.

      1. Apply the patch and upgrade
      2. Log into the site as an admin
      3. Navigate to: Site administration > plugins > administration tools > Multi-factor authentication
      4. In the factor table enable the email factor
      5. Scroll down to "General MFA Settings"
      6. Enable the "MFA plugin enabled" Checkbox
      7. Click save changes

      Tests

      1. Enter the username and password and click login for the admin user you set up the factors for
      2. View the email in an email client that renders HTML email
      3. Check the first line of the email says: Hello {username} 👋
        1. Where {username} has been replace with the first name of your user
      4. Confirm the second line of the email contains your site full name and base URL
      5. Confirm the 6 digit code in the email is valid and logs you into Moodle when entered into the email form
      6. Log out of your Moodle.

       

      1. Enter the username and password and click login for the admin user you set up the factors for
      2. Follow the 'this verification link' from the device you entered your username an password from
      3. Confirm you are logged into Moodle
      4. Log out of your Moodle.
      1. Enter the username and password and click login for the admin user you set up the factors for
      2. Follow the 'stop this login attempt' from the email
      3. Confirm you are presented with the 'unauthorised email' page
      4. Click continue
      5. Confirm you see the following message: 'This code has been successfully revoked. All sessions for [User fullname] have been ended. Email will not be usable as a factor until account security has been verified.'

       

      1. Log into the site as an admin
      2. Navigate to: Site administration > appearance > logos
      3. Set a 'Compact logo' for the site
      4. Click 'save changes'
      5. Log out of your Moodle
      6. Enter the username and password and click login for the admin user you set up the factors for
      7. In the email received confirm that is now showing the compact site logo in the upper right of the email

       

       

      Show
      Prerequisites To test this issue you'll need a Moodle that you have admin access to, can update code on and that is capable of sending emails. Having an admin account makes it easier to move through all of the test settings. If you don't have cli access to the instance make sure you have access to two separate admin accounts, in case you lock yourself out. Setup More detailed setup instructions for MFA testing can be found in MDL-78509 , the following setup are just the basics and there is some assumed knowledge. Apply the patch and upgrade Log into the site as an admin Navigate to: Site administration > plugins > administration tools > Multi-factor authentication In the factor table enable the email factor Scroll down to "General MFA Settings" Enable the "MFA plugin enabled" Checkbox Click save changes Tests Enter the username and password and click login for the admin user you set up the factors for View the email in an email client that renders HTML email Check the first line of the email says: Hello {username} 👋 Where {username} has been replace with the first name of your user Confirm the second line of the email contains your site full name and base URL Confirm the 6 digit code in the email is valid and logs you into Moodle when entered into the email form Log out of your Moodle.   Enter the username and password and click login for the admin user you set up the factors for Follow the 'this verification link' from the device you entered your username an password from Confirm you are logged into Moodle Log out of your Moodle. Enter the username and password and click login for the admin user you set up the factors for Follow the 'stop this login attempt' from the email Confirm you are presented with the 'unauthorised email' page Click continue Confirm you see the following message: 'This code has been successfully revoked. All sessions for [User fullname] have been ended. Email will not be usable as a factor until account security has been verified.'   Log into the site as an admin Navigate to: Site administration > appearance > logos Set a 'Compact logo' for the site Click 'save changes' Log out of your Moodle Enter the username and password and click login for the admin user you set up the factors for In the email received confirm that is now showing the compact site logo in the upper right of the email    
    • 2
    • Team Hedgehog 2023 Sprint 3.1, Team Hedgehog 2023 Sprint 3.2

    Description

      There is room for improvement in the template of the email sent when using the email factor for MFA.

      We want improve the layout, display and information architecture of the email sent that contains the code for the email MFA factor.

      Attachments

        Issue Links

          Activity

            People

              matt.porritt@moodle.com Matt Porritt
              matt.porritt@moodle.com Matt Porritt
              Stevani Andolo Stevani Andolo
              Huong Nguyen Huong Nguyen
              Ron Carl Alfon Yu Ron Carl Alfon Yu
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 hours, 16 minutes
                  4h 16m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.