TOTP Login Verification

Add 2FA support via a third party authenticator app.
Apostrophe TOTP Login Verification

This login verification module adds a TOTP (Time-based One-Time Password) check whenever a user logs into the site, compatible with Google Authenticator or any other TOTP app. When activated, users who have not yet enrolled are asked to add the site to their app by scanning a QR code. After that, every login asks for the current code from the app once the initial username-and-password step has succeeded.

Installation

To install the module, use the command line to run this command in an Apostrophe project's root directory:

npm install @apostrophecms/login-totp

Usage

Instantiate the TOTP login module in the app.js file:

require('apostrophe')({
  shortName: 'my-project',
  modules: {
    '@apostrophecms/login-totp': {}
  }
});

You must also configure the @apostrophecms/login module with a TOTP secret, as shown. The secret must be exactly 10 characters long. Use a random value of your own rather than the placeholder below, and keep it out of version control (reading it from an environment variable at startup is one option).

// modules/@apostrophecms/login/index.js
module.exports = {
  options: {
    totp: {
      // Should be a random string, exactly 10 characters long
      secret: 'totpsecret'
    }
  }
};

⚠️ All configuration of TOTP related options is done on the @apostrophecms/login module. The @apostrophecms/login-totp module is just an "improvement" to that module, so it has no configuration options of its own.

Resetting TOTP when a user loses their device

If a user loses their device, an admin can edit the appropriate user via the admin bar. Select "Yes" for the "Reset TOTP" field and save the user.

If an admin user loses their own device, they can reset TOTP via a command line task. Pass the username as the sole argument:

node app @apostrophecms/user:reset-totp username-goes-here

Once TOTP is reset, the user is able to set it up again on their next login.

Updated: 2 months ago

Version: 1.3.0