Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| radius:login_otp [2024/02/13 15:03] – created system | radius:login_otp [2024/02/13 16:04] (current) – [Activating the system for sending OTPs] system | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| ----- | ----- | ||
| + | ====== OTP ====== | ||
| + | ===== Background ===== | ||
| + | * A One Time Password or OTP is a common method of user verification. | ||
| + | * A user usually enters a **cell phone number** or an **email address**. | ||
| + | * The system then sends a code via SMS to the cell phone number or via e-mail to the email address. | ||
| + | * This code is used by the user to verify themselves to the system. | ||
| + | * From February 2023, RADIUSdesk will provide support for OTP verification for Captive Portal (Hotspot) users. | ||
| + | * We support the following ways to send the OTP: | ||
| + | * SMS | ||
| + | |||
| + | * We support OTP with: | ||
| + | * Permanent user registration | ||
| + | * Click-To-Connet | ||
| + | * The rest of this page deals with the configuration and technical details of the OTP functionality. | ||
| + | ===== Activating the system for sending OTPs ===== | ||
| + | * For RADIUSdesk to be able to send an OTP, you must configure the system so that it can send the OTP by email or SMS. | ||
| + | * RADIUSdesk offers you the option of making a system-wide configuration, | ||
| + | * The following screenshot shows the email configuration: | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | * We support Sendgrid and normal SMTP as a means of transport for the email. | ||
| + | * Once you have defined the configuration, | ||
| + | * Once you have saved the configuration, | ||
| + | * You can also view the history of all emails that the system has sent with this particular configuration by clicking on the **Show Sent History** button. | ||
| + | * In the following screenshot you can see the SMS configuration. | ||
| + | |||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | |||
| + | * Most SMS providers have an API that you can use to send SMS. | ||
| + | * RADIUSdesk allows you to specify two SMS providers. Both can be active, but the system will only use the first active one it finds. | ||
| + | * As with the email settings, you can also test the SMS settings after configuration. | ||
| + | * You can also view the history of all SMS that the system has sent with this particular configuration by clicking the **Show Sent History** button. | ||
| + | |||
| + | <alert type=" | ||
| + | * These settings can also be set per cloud. | ||
| + | * Go to **Other** -> **Clouds**. | ||
| + | * Simply select the cloud for which you want to add more specific settings and edit them. | ||
| + | * These settings will then take precedence. | ||
| + | </ | ||
| + | ===== OTP for user registration ===== | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | |||
| + | * The screenshot above should be self-explanatory. | ||
| + | * However, there is one important point that should be mentioned when using email for OTP. | ||
| + | * We are in a bit of a chicken and egg situation as the person needs internet access to check their email and receive the OTP. | ||
| + | * So we will provide them with temporary internet access for this action. | ||
| + | * This is what the **Temp login user** is for. | ||
| + | * We recommend that you create a separate user with a special profile for this purpose. | ||
| + | * The profile should be | ||
| + | * Time limited. e.g. Session-Timeout should be 360 seconds (5minutes) | ||
| + | * The bandwidth should be limited. | ||
| + | * So the user who registers can retrieve the OTP from their email, but not much beyond that in terms of internet connection. | ||
| + | * The email with the OTP also contains a link that the user can click on to confirm the OTP to the system. | ||
| + | * This makes it easy when the WebView with the Captive Portal login page is closed while the user is retrieving the OTP from their email. | ||
| + | |||
| + | ===== OTP For Click To Connect ===== | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | |||
| + | * With OTP for Click To Connect, there is one of two options. | ||
| + | * If you choose the email option for the OTP, you will need to provide the user with temporary internet access again, as with user registration above. | ||
| + | * If you choose the SMS option (the user's cell phone number), you do not need to do anything as the OTP will be delivered as an SMS. | ||
| + | * We have also included a link in the email again for the user to conveniently confirm the OTP by clicking on the link. | ||
| + | |||
| + | ===== Some Technical Items ===== | ||
| + | ==== Expiry of the OTP ==== | ||
| + | * The current expiry time for an OTP is two minutes. | ||
| + | * This can be adjusted by editing the files **/ | ||
| + | * Search for this line and adjust it accordingly. | ||
| + | <code php> | ||
| + | protected $valid_minutes = 2; //The time that an OTP will be valid (in minutes) | ||
| + | </ | ||
| + | * For the verification through the Email link we expire the OTP after** $valid_minutes times two**. (4minutes) | ||
| + | |||
| + | ==== Disconnecting Temp Connection ==== | ||
| + | * The URL link in the email leads to a redirection to a special CoovaChilli URL that logs the user out (http:// | ||
| + | * For this to happen, the user must be connected to the captive portal so that this URL can log them out. | ||
| + | |||
| + | <code php> | ||
| + | if($otp == $q_r-> | ||
| + | $success = true; | ||
| + | $this-> | ||
| + | $this-> | ||
| + | $user_id = $q_r-> | ||
| + | $q_pu = $this-> | ||
| + | if($q_pu){ | ||
| + | $this-> | ||
| + | $this-> | ||
| + | } | ||
| + | $this-> | ||
| + | return $this-> | ||
| + | |||
| + | }else{ | ||
| + | |||
| + | </ | ||
| + | |||
| + | <alert type=" | ||
| + | We are still looking for a similar way to disconnect users on a Mikrotik based Hotspot. | ||
| + | </ | ||
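
Review bot: The PHP snippet under "Disconnecting Temp Connection" checks the submitted code with a loose comparison, `if($otp == $q_r->`, and PHP compares numeric strings by value under `==`, so a code such as "0123" would match "123". If this mirrors the controller, compare the values as strings with `hash_equals()` (or at least `===`) and show that form here. The snippet also stops at `}else{`, so the failure path is not documented; either close the block or trim the excerpt to the lines being explained. Under "OTP for user registration" the temp profile is given as "Session-Timeout should be 360 seconds (5minutes)", but 360 seconds is six minutes; pick one value and state that it needs to cover the four-minute email-link expiry described under "Expiry of the OTP". Small fix: "Click-To-Connet" in the Background list should read "Click-To-Connect".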