
Two-factor SMS authorization in Redmine

As my colleague promised in one of the previous articles, we are sharing our experience of setting up two-factor SMS authentication for Redmine, which we use in our work.

The reason for adding a second authentication step is the same as before: better protection of the data kept in the ticket system.
Initially an OTP scheme based on Google Authenticator was tested.
Not everyone found it convenient, so at the request of staff we decided to add another option: authorization via SMS.

For this, a Redmine plugin was written by our developer, who has also posted here before.

The plugin is simply called redmine_sms_auth; it is easy to install and works stably.

Install and configure the plugin

Stop Redmine.

Clone the plugin from GitHub:

git clone https://github.com/olemskoi/redmine_sms_auth.git /opt/redmine/plugins/redmine_sms_auth 


Run the migration:
 bundle exec rake redmine:plugins:migrate RAILS_ENV="production"


Enable the plugin in the Redmine config /opt/redmine/config/configuration.yml, in the production section:

  production:
    sms_auth:
      command: '/usr/bin/curl --silent --show-error "https://smsc.ru/sys/send.php?charset=utf-8&login=LOGIN&psw=PASSWORD&phones=%{phone}&mes=factory.southbridge.ru code: %{password}"'
      password_length: 4


We use the smsc.ru service, which sends non-advertising messages.

The settings mean the following:
command is how the messaging service is invoked; the plugin runs exactly this command to send the SMS. In our case, with smsc.ru, curl is the most convenient choice;

LOGIN and PASSWORD are the login and password used to authenticate with the SMS service;

phones=%{phone} is the phone number, taken from the corresponding field in the user's account;

mes=factory.southbridge.ru is there so that users can see who sent them an otherwise incomprehensible set of digits and are not alarmed;

password_length: 4 is the length of the one-time code.

Start Redmine.
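To show how the two configured values fit together, here is an added example (not the redmine_sms_auth plugin's own code): it generates a numeric code of password_length digits, expands a command template using the same %{phone} and %{password} placeholders as the config, and verifies the code with an assumed 5-minute lifetime, a 3-attempt limit and constant-time comparison. The phone check (a "+" and 7 to 15 digits) is an assumption too, chosen because the number is substituted into a shell command line.

```ruby
require 'securerandom'

# Added example helpers for an SMS second factor; not the plugin's own code.
module SmsAuthExample
  CODE_TTL_SECONDS = 300 # assumed lifetime of a code
  MAX_ATTEMPTS     = 3   # assumed number of allowed guesses per code

  # Numeric code of the configured password_length, zero-padded so that
  # "0042" is as likely as any other value.
  def self.generate_code(length)
    format("%0#{length}d", SecureRandom.random_number(10**length))
  end

  # Accept only an optional "+" followed by 7 to 15 digits: the value ends up
  # inside the shell command from configuration.yml, so reject anything else.
  def self.valid_phone?(phone)
    phone.match?(/\A\+?\d{7,15}\z/)
  end

  # Expand the command template. Ruby's format() understands the same
  # %{phone} / %{password} placeholders that the sms_auth config uses.
  def self.build_command(template, phone, code)
    raise ArgumentError, "bad phone number: #{phone.inspect}" unless valid_phone?(phone)
    format(template, phone: phone, password: code)
  end

  # Constant-time comparison, so timing does not reveal how many digits matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # One outstanding code for one login attempt.
  class Challenge
    attr_reader :code

    def initialize(length, now: Time.now)
      @code = SmsAuthExample.generate_code(length)
      @expires_at = now + CODE_TTL_SECONDS
      @attempts = 0
    end

    # True only for the correct code, within the lifetime and attempt limit.
    def verify(attempt, now: Time.now)
      return false if now > @expires_at || @attempts >= MAX_ATTEMPTS
      @attempts += 1
      SmsAuthExample.secure_equal?(@code, attempt.to_s)
    end
  end
end
```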

Configuration on the Redmine side

On the Redmine side, the setup looks as follows.
On the user's account page, enter the phone number in the Mobile phone field in the +7... format (or in any other format, as long as the third-party sending service accepts it).

Change the authentication mode from "Internal" to "SMS" and apply the changes.

Now, when logging in, after entering the login and password, the user is prompted for the SMS code.

If necessary, the SMS can be requested again.

The end!

All comments, recommendations and additions are welcome.

Thanks for your attention!

Source: https://habr.com/ru/post/178073/
