Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
radiusdesk:login_pages:otp [2023/01/25 17:17] admin [Background] |
radiusdesk:login_pages:otp [2023/01/26 01:44] (current) admin [Enable System To Send OTPs] |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| * A user will typically provide a **mobile number** or **email address**. | * A user will typically provide a **mobile number** or **email address**. | ||
| * The system will then send a code to the mobile number using SMS or to the email address using an email. | * The system will then send a code to the mobile number using SMS or to the email address using an email. | ||
| - | * This code will be used to by the user to validate itself to the system. | + | * This code will be used by the user to validate itself to the system. |
| * As for February 2023 RADIUSdesk includes support for OTP verification for Captive Portal (Hotspot) users. | * As for February 2023 RADIUSdesk includes support for OTP verification for Captive Portal (Hotspot) users. | ||
| * We support the following ways to send the OTP: | * We support the following ways to send the OTP: | ||
| Line 16: | Line 16: | ||
| ===== Enable System To Send OTPs ===== | ===== Enable System To Send OTPs ===== | ||
| * In order for RADIUSdesk to send an OTP you have to configure the system to be able to send the OTP using email or SMS. | * In order for RADIUSdesk to send an OTP you have to configure the system to be able to send the OTP using email or SMS. | ||
| - | * RADIUSdesk allows for you to configure a system wide configuration but it also allows you to define per cloud setting | + | * RADIUSdesk allows for you to configure a system wide configuration but it also allows you to define per cloud settings |
| * See the following screenshot for the email configuration: | * See the following screenshot for the email configuration: | ||
| {{: | {{: | ||
| Line 29: | Line 29: | ||
| * As with the email settings you are also able to test the SMS Settings after configuration. | * As with the email settings you are also able to test the SMS Settings after configuration. | ||
| * You can also view the history of all the SMSs that the system sent out using that particular configuration by clicking the **Show Sent History** button. | * You can also view the history of all the SMSs that the system sent out using that particular configuration by clicking the **Show Sent History** button. | ||
| + | |||
| + | <WRAP center round tip 100%> | ||
| + | * These settings can also be specified per Cloud. | ||
| + | * Go to **Other** -> **Clouds**. | ||
| + | * Simply select the cloud for which you want to add more specific settings and edit it. | ||
| + | * These settings will take preference. | ||
| + | </ | ||
| + | ===== OTP For User Registration ===== | ||
| + | {{: | ||
| + | |||
| + | * The above screenshot should be mostly self explanatory. | ||
| + | * There is however one important point that should be mentioned on using Email for OTP. | ||
| + | * We sit with a bit of a chicken and egg situation since the person will need Internet access to get to their email to retrieve the OTP. | ||
| + | * We will thus provide them temporary Internet access for this action. | ||
| + | * This is what the **Temp login user** is for. | ||
| + | * You are advised to create a dedicated user with a special profile for this purpose. | ||
| + | * The profile should be | ||
| + | * Time limited. e.g. Session-Timeout should be 360 seconds (5minutes) | ||
| + | * The bandwidth should be limited. | ||
| + | * This will allow for the user that registers to retrieve the OTP from their email but not much beyond that in terms of Internet connection. | ||
| + | * The email with the OTP will also contain a link which the user can click to confirm the OTP to the system. | ||
| + | * This makes is easy if the WebView with the Captive Portal Login Page closed while the user retrieved the OTP from their email. | ||
| + | |||
| + | ===== OTP For Click To Connect ===== | ||
| + | {{: | ||
| + | |||
| + | * With OTP for Click To Connect there are one of two options. | ||
| + | * If you select the email option for the OTP, again you have to provide temporary Internet access to the user as with User Registration above. | ||
| + | * If you select SMS option (the user's mobile number) you don't need to provide anything since the OTP will be delivered as an SMS. | ||
| + | * We also again added a link in the email for the user to conveniently confirm the OTP by clicking on the link. | ||
| + | |||
| + | ===== Some Technical Items ===== | ||
| + | ==== Expiry of the OTP ==== | ||
| + | * The current expiry time for an OTP is two minutes. | ||
| + | * This can be adjusted by editing **/ | ||
| + | * Look for this line and adjust acordingly. | ||
| + | <code php> | ||
| + | protected $valid_minutes = 2; //The time that an OTP will be valid (in minutes) | ||
| + | </ | ||
| + | * For the verification through the Email link we expire the OTP after** $valid_minutes times two**. (4minutes) | ||
| + | |||
| + | ==== Disconnecting Temp Connection ==== | ||
| + | * The URL link in the email will cause a redirect to a special CoovaChilli URL that will log the user out (http:// | ||
| + | * For this to happen the user should be connected to the Captive Portal so that this URL can log them out. | ||
| + | |||
| + | <code php> | ||
| + | if($otp == $q_r-> | ||
| + | $success = true; | ||
| + | $this-> | ||
| + | $this-> | ||
| + | $user_id = $q_r-> | ||
| + | $q_pu = $this-> | ||
| + | if($q_pu){ | ||
| + | $this-> | ||
| + | $this-> | ||
| + | } | ||
| + | $this-> | ||
| + | return $this-> | ||
| + | |||
| + | }else{ | ||
| + | |||
| + | </ | ||
| + | <WRAP center round important 100%> | ||
| + | We are still looking for a similar way to disconnect users on a Mikrotik based Hotspot. | ||
| + | </ | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||