    [FEATURE] Introduce MFA in Core · 39145a46
    Oliver Bartsch authored and Benni Mack committed
    A new API is introduced, providing multi-factor
    authentication for the Core. The API is furthermore
    directly used to add two MFA providers by default:
    
    * TOTP (time-based one-time passwords)
    * Recovery codes
    
    Even if the API is designed to allow MFA in both
    backend and frontend, it is currently only implemented
    in the backend. Users can therefore configure their
    available MFA providers in a new backend module,
    accessible via their user settings.
    
    There are also some configuration options for
    administrators to e.g. define a recommended provider
    or to disallow available providers for specific users
    or user groups.
    
    Administration of the users' MFA providers is possible
    for administrators in the corresponding user records.
    
    New providers can be introduced by implementing the
    MfaProviderInterface and tagging the service with the
    `mfa.provider` tag.
    
    Note that the API is currently marked as internal since
    changes in upcoming patches are to be expected.
    
    The following dependencies are introduced:
    
    * bacon/bacon-qr-code "^2.0"
    * christian-riesen/base32 "^1.5"
    
    Possible features that could follow later on:
    
    * MFA frontend integration
    * WebAuthn core provider for FIDO2 and U2F
    * Forcing users to set up MFA on login
    * Password-recovery with active MFA
    
    Resolves: #93526
    Releases: master
    Change-Id: I4e902be624c80295c9c0c3286c90a6a680feeb5d
    Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67548
    
    
    Reviewed-by: Benjamin Franzke <bfr@qbus.de>
    Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
    Reviewed-by: Benni Mack <benni@typo3.org>
    Tested-by: TYPO3com <noreply@typo3.com>
    Tested-by: core-ci <typo3@b13.com>
    Tested-by: Benjamin Franzke <bfr@qbus.de>
    Tested-by: Benni Mack <benni@typo3.org>