RADIUSdesk

Differences

This shows you the differences between two versions of the page.

radiusdesk:login_pages:otp [2023/01/25 16:47]
admin [Enabling Sending OTP]
radiusdesk:login_pages:otp [2023/01/26 01:44] (current)
admin [Enable System To Send OTPs]
Line 1: Line 1:
 ====== OTP ====== ====== OTP ======
 ===== Background ===== ===== Background =====
-  * One Time Password or OTP is a common method used for user verification.+  * One Time Password or OTP is a common method used for user verification.
   * A user will typically provide a **mobile number** or **email address**.   * A user will typically provide a **mobile number** or **email address**.
-  * The system will then send a code to the mobile number using SMS or the email address using an email. +  * The system will then send a code to the mobile number using SMS or to the email address using an email. 
-  * This code will be used to by the user to verify itself to the system.+  * This code will be used by the user to validate itself to the system.
   * As for February 2023 RADIUSdesk includes support for OTP verification for Captive Portal (Hotspot) users.   * As for February 2023 RADIUSdesk includes support for OTP verification for Captive Portal (Hotspot) users.
-  * We support the following ways to send the OTP+  * We support the following ways to send the OTP:
         * SMS         * SMS
         * Email         * Email
-  * We support OTP with+  * We support OTP with:
         * Permanent User Registration         * Permanent User Registration
         * Click-To-Connet         * Click-To-Connet
   * The rest of this page will discuss the configuration and technical detail of the OTP functionality.   * The rest of this page will discuss the configuration and technical detail of the OTP functionality.
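Review bot: The wording pass over the Background list leaves two errors in its unchanged lines: "Click-To-Connet" should read "Click-To-Connect" (the section added later in this revision spells it "Click To Connect"), and "As for February 2023" should be "As of February 2023". The changed line now says the user will "validate itself"; "verify themselves" would match the "user verification" wording of the first bullet.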
  
-===== Enabling Sending OTP ===== +===== Enable System To Send OTPs ===== 
-  * In order for RADIUSdesk to send an OTP you have to configure the system to be able to send an email or SMS. +  * In order for RADIUSdesk to send an OTP you have to configure the system to be able to send the OTP using email or SMS. 
-  * RADIUSdesk allows for you to configure a system wide configuration but it also allows you to define per cloud setting which will take preference over they system wide settings.+  * RADIUSdesk allows for you to configure a system wide configuration but it also allows you to define per cloud settings which will take preference over the system wide settings.
   * See the following screenshot for the email configuration:   * See the following screenshot for the email configuration:
 {{:radiusdesk:login_pages:sendgrid_config.png?nolink|}} {{:radiusdesk:login_pages:sendgrid_config.png?nolink|}}
-  * We support Sendgrid and normal SMTP configuration.+  * We support Sendgrid and normal SMTP as a transport for the email.
   * After you specified the config press **Save**.   * After you specified the config press **Save**.
   * After you saved the configuration you can test it by clicking the **Test Email Settings** button.   * After you saved the configuration you can test it by clicking the **Test Email Settings** button.
-  * You can also view the history of all the emails that the system send out using this particular configuration by clicking the **Show Sent History** button.+  * You can also view the history of all the emails that the system sent out using this particular configuration by clicking the **Show Sent History** button. 
 +  * See the following screenshot for the SMS configuration. 
 +{{:radiusdesk:login_pages:sms_config.png?nolink|}} 
 +  * Most SMS providers has an API that you use to send SMSs. 
 +  * RADIUSdesk allows you to specify two SMS Providers. Both can be active however the system will only use the first active one it finds. 
 +  * As with the email settings you are also able to test the SMS Settings after configuration. 
 +  * You can also view the history of all the SMSs that the system sent out using that particular configuration by clicking the **Show Sent History** button. 
 + 
 +<WRAP center round tip 100%> 
 +  * These settings can also be specified per Cloud. 
 +  * Go to **Other** -> **Clouds**. 
 +  * Simply select the cloud for which you want to add more specific settings and edit it. 
 +  * These settings will take preference.  
 +</WRAP> 
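Review bot: The added line "Both can be active however the system will only use the first active one it finds" does not say what makes a provider "first", or whether the second one is tried when the first fails to send. An undelivered SMS means the user cannot complete OTP verification, so state the selection order and say explicitly whether there is any failover. Minor: "Most SMS providers has an API" should be "have an API".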
 +===== OTP For User Registration ===== 
 +{{:radiusdesk:login_pages:user_registration.png?nolink|}} 
 + 
 +  * The above screenshot should be mostly self explanatory. 
 +  * There is however one important point that should be mentioned on using Email for OTP. 
 +  * We sit with a bit of a chicken and egg situation since the person will need Internet access to get to their email to retrieve the OTP. 
 +  * We will thus provide them temporary Internet access for this action. 
 +  * This is what the **Temp login user** is for. 
 +  * You are advised to create a dedicated user with a special profile for this purpose. 
 +  * The profile should be 
 +        * Time limited. e.g. Session-Timeout should be 360 seconds (5minutes) 
 +        * The bandwidth should be limited. 
 +  * This will allow for the user that registers to retrieve the OTP from their email but not much beyond that in terms of Internet connection. 
 +  * The email with the OTP will also contain a link which the user can click to confirm the OTP to the system. 
 +  * This makes is easy if the WebView with the Captive Portal Login Page closed while the user retrieved the OTP from their email. 
 + 
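Review bot: In the profile bullet, "Session-Timeout should be 360 seconds (5minutes)" is inconsistent: 360 seconds is 6 minutes, so either the value should be 300 or the parenthesis should say 6 minutes. Since the **Temp login user** grants Internet access before the OTP has been verified, the bandwidth bullet would be more useful with an example value, as the time bullet has. Typo further down: "This makes is easy" should be "This makes it easy".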
 +===== OTP For Click To Connect ===== 
 +{{:radiusdesk:login_pages:otp_click_to_connect.png?nolink|}} 
 + 
 +  * With OTP for Click To Connect there are one of two options. 
 +  * If you select the email option for the OTP, again you have to provide temporary Internet access to the user as with User Registration above. 
 +  * If you select SMS option (the user's mobile number) you don't need to provide anything since the OTP will be delivered as an SMS. 
 +  * We also again added a link in the email for the user to conveniently confirm the OTP by clicking on the link.   
 + 
 +===== Some Technical Items ===== 
 +==== Expiry of the OTP ==== 
 +  * The current expiry time for an OTP is two minutes. 
 +  * This can be adjusted by editing **/var/www/html/cake4/rd_cake/src/Controller/RegisterUsersController.php** and **/var/www/html/cake4/rd_cake/src/Controller/DataCollectortsController.php** files. 
 +  * Look for this line and adjust acordingly. 
 +<code php> 
 +protected $valid_minutes = 2; //The time that an OTP will be valid (in minutes) 
 +</code> 
 +  * For the verification through the Email link we expire the OTP after** $valid_minutes times two**. (4minutes) 
 + 
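Review bot: The second path, "DataCollectortsController.php", looks misspelled; please check it against the file name on disk, since readers will copy it verbatim. The section asks for the same $valid_minutes edit in two controllers without saying what happens when the two values differ, and the "(4minutes)" on the last bullet only holds for the default of 2, so write it as "4 minutes with the default value". Also "acordingly" should be "accordingly", and the bold markers in "after** $valid_minutes times two**" need a space before the opening ** rather than after it.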
 +==== Disconnecting Temp Connection ==== 
 +  * The URL link in the email will cause a redirect to a special CoovaChilli URL that will log the user out (http://1.0.0.0). 
 +  * For this to happen the user should be connected to the Captive Portal so that this URL can log them out. 
 + 
 +<code php> 
 +if($otp == $q_r->value){ 
 +    $success = true; 
 +    $this->{'PermanentUserOtps'}->patchEntity($q_r, ['status' => 'otp_confirmed']); 
 +    $this->{'PermanentUserOtps'}->save($q_r); 
 +    $user_id = $q_r->permanent_user_id; 
 +    $q_pu = $this->{'PermanentUsers'}->find()->where(['PermanentUsers.id' =>$user_id])->first(); 
 +        if($q_pu){ 
 + $this->{'PermanentUsers'}->patchEntity($q_pu, ['active' => 1]); 
 + $this->{'PermanentUsers'}->save($q_pu); 
 + }  
 + $this->response = $this->response->withHeader('Location', "http://1.0.0.0");       
 +        return $this->response; 
 +  
 +}else{ 
 + 
 +</code> 
 +<WRAP center round important 100%> 
 +We are still looking for a similar way to disconnect users on a Mikrotik based Hotspot. 
 +</WRAP> 
 + 
 + 
 + 
 + 
 + 
 +
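Review bot: The first line of the PHP snippet compares the submitted code with a loose "==" ("if($otp == $q_r->value){"), and in PHP that compares numeric strings by value, so "0123" and "123" are treated as equal; use a strict, constant-time string comparison such as hash_equals((string)$q_r->value, (string)$otp). The excerpt also shows no expiry check, although the previous section says the link expires after twice $valid_minutes, and it ends on an unclosed "}else{" with mixed indentation. Either show the expiry test and close the block, or trim the excerpt to the lines that set the Location header to http://1.0.0.0.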