Filebrowser: 2FA

Created on 22 Nov 2017  Â·  7Comments  Â·  Source: filebrowser/filebrowser

This would be really nice to have. Specifically, TOTP and security keys (FIDO U2F).

How I envision it working:

  • Option to _require_ users to set up 2FA when they first log in OR if not enforced, just the option to set it up from their settings page
  • Generate a secret using an OTP lib, display the QR code to the user for them to scan it with their phone app, store the key for the user in the DB
  • Require the user to enter an OTP code to confirm they have it
  • Optionally, once they have OTP set up, they could add a security key as an alternative (e.g. shameless plug: https://bluink.ca/key, or a Yubikey)
  • U2F works by storing a key handle, certificate, public key and counter once registered. Most of the hard work is probably dealt with by the lib, but some stuff needs to be done with JS to enable the client-side support.

Libs you could use:

I can probably answer any questions you have about it.

feature ☘

Most helpful comment

I think this would be a very nice feature to have! Thanks for suggesting. I'll probably only be able to start this in three or four weeks when I start to have more time to give to this project. In the meanwhile, if you have time and are interested in this, you could fork the project and start implementing this 😄 I'd give my help if you needed.

All 7 comments

I think this would be a very nice feature to have! Thanks for suggesting. I'll probably only be able to start this in three or four weeks when I start to have more time to give to this project. In the meanwhile, if you have time and are interested in this, you could fork the project and start implementing this 😄 I'd give my help if you needed.

I use google authenticator for 2 step verification in other web applications.
Is it possible to implement this ??

Also waiting for this feature!

Any update?

A better way would be to rely on external authentication providers (Google, Facebook etc.), and configure your filebrowser installation to use the proxy authentication mode. You can use oauth2_proxy to provide the authentication for you, with nginx in front to handle the requests.

I'm closing this since this repository will be archived. Please read the information on the README for more information. Thanks for all your contributions!

Can we reopen this? Thank you!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

quentin-rey picture quentin-rey  Â·  6Comments

mozzbozz picture mozzbozz  Â·  4Comments

princemaple picture princemaple  Â·  6Comments

zxysilent picture zxysilent  Â·  5Comments

GuyPaddock picture GuyPaddock  Â·  3Comments