Adding MFA #5664
Adding MFA #5664
Conversation
There was a problem hiding this comment.
Thanks @Codexnever for this contribution! I think is a great idea to add support for MFA, thanks for work on it :)
I think that maybe moving this to a separate example will fit better, as that way we can have basic auth and MFA auth covered
There was a problem hiding this comment.
I made some additional comments on the dependencies, as well is important to update the test: https://github.com/expressjs/express/blob/master/test/acceptance/auth.js
| "qs": "6.11.0", | ||
| "range-parser": "~1.2.1", | ||
| "safe-buffer": "5.2.1", | ||
| "send": "0.18.0", | ||
| "serve-static": "1.15.0", | ||
| "setprototypeof": "1.2.0", | ||
| "speakeasy": "^2.0.0", |
There was a problem hiding this comment.
Seems like is not maintained anymore: https://github.com/speakeasyjs/speakeasy
There was a problem hiding this comment.
i will update other depandency
| "path-to-regexp": "0.1.7", | ||
| "proxy-addr": "~2.0.7", | ||
| "qrcode": "^1.5.3", |
There was a problem hiding this comment.
This dependency requires Node@10 at least: https://github.com/soldair/node-qrcode/blob/master/package.json#L68. Currently we support 0.10 the minimum: https://github.com/expressjs/express/blob/master/.github/workflows/ci.yml#L29
| "merge-descriptors": "1.0.1", | ||
| "methods": "~1.1.2", | ||
| "on-finished": "2.4.1", | ||
| "parseurl": "~1.3.3", | ||
| "path": "^0.12.7", |
There was a problem hiding this comment.
This is an invalid dependency:
This is an exact copy of the NodeJS ’path’ module published to the NPM registry.
| "http-errors": "2.0.0", | ||
| "i18n": "^0.15.1", |
There was a problem hiding this comment.
It requires at least Node@10: https://github.com/mashpie/i18n-node/blob/master/package.json#L59
| @@ -40,21 +40,28 @@ | |||
| "encodeurl": "~2.0.0", | |||
| "escape-html": "~1.0.3", | |||
| "etag": "~1.8.1", | |||
| "express": "^4.19.2", | |||
There was a problem hiding this comment.
| "express": "^4.19.2", |
Express itself should not be included
Description
This pull request introduces a Multi-Factor Authentication (MFA) system to enhance security in the application. The MFA system adds an additional layer of verification during login, requiring users to enter a one-time verification code generated by an authenticator app after successfully providing their username and password.
Changes Made
/mfa/setupand/mfa/authenticate) to handle the setup process and code verification during login.speakeasylibrary, generating secret keys and QR codes for users to scan during setup.mfa-setup.ejsandmfa-authentication.ejs) to facilitate the MFA setup process and code verification.