OTP

• A One Time Password or OTP is a common method of user verification.
• A user usually enters a cell phone number or an email address.
• The system then sends a code via SMS to the cell phone number or via e-mail to the email address.
• This code is used by the user to verify themselves to the system.
• From February 2023, RADIUSdesk will provide support for OTP verification for Captive Portal (Hotspot) users.
• We support the following ways to send the OTP:
  • SMS
  • Email
• We support OTP with:
  • Permanent user registration
  • Click-To-Connet
• The rest of this page deals with the configuration and technical details of the OTP functionality.

• For RADIUSdesk to be able to send an OTP, you must configure the system so that it can send the OTP by email or SMS.
• RADIUSdesk offers you the option of making a system-wide configuration, but you can also define settings per cloud, which then take precedence over the system-wide settings.
• The following screenshot shows the email configuration:

• We support Sendgrid and normal SMTP as a means of transport for the email.
• Once you have defined the configuration, click Save.
• Once you have saved the configuration, you can test it by clicking on the Test Email Settings button.
• You can also view the history of all emails that the system has sent with this particular configuration by clicking on the Show Sent History button.
• In the following screenshot you can see the SMS configuration.

• Most SMS providers have an API that you can use to send SMS.
• RADIUSdesk allows you to specify two SMS providers. Both can be active, but the system will only use the first active one it finds.
• As with the email settings, you can also test the SMS settings after configuration.
• You can also view the history of all SMS that the system has sent with this particular configuration by clicking the Show Sent History button.

• The screenshot above should be self-explanatory.
• However, there is one important point that should be mentioned when using email for OTP.
• We are in a bit of a chicken and egg situation as the person needs internet access to check their email and receive the OTP.
• So we will provide them with temporary internet access for this action.
• This is what the Temp login user is for.
• We recommend that you create a separate user with a special profile for this purpose.
• The profile should be
  • Time limited. e.g. Session-Timeout should be 360 seconds (5minutes)
  • The bandwidth should be limited.
• So the user who registers can retrieve the OTP from their email, but not much beyond that in terms of internet connection.
• The email with the OTP also contains a link that the user can click on to confirm the OTP to the system.
• This makes it easy when the WebView with the Captive Portal login page is closed while the user is retrieving the OTP from their email.

• With OTP for Click To Connect, there is one of two options.
• If you choose the email option for the OTP, you will need to provide the user with temporary internet access again, as with user registration above.
• If you choose the SMS option (the user's cell phone number), you do not need to do anything as the OTP will be delivered as an SMS.
• We have also included a link in the email again for the user to conveniently confirm the OTP by clicking on the link.

• The current expiry time for an OTP is two minutes.
• This can be adjusted by editing the files /var/www/html/cake4/rd_cake/src/Controller/RegisterUsersController.php and /var/www/html/cake4/rd_cake/src/Controller/DataCollectortsController.php files.
• Search for this line and adjust it accordingly.

protected $valid_minutes = 2; //The time that an OTP will be valid (in minutes)

• For the verification through the Email link we expire the OTP after $valid_minutes times two. (4minutes)

• The URL link in the email leads to a redirection to a special CoovaChilli URL that logs the user out (http://1.0.0.0).
• For this to happen, the user must be connected to the captive portal so that this URL can log them out.

if($otp == $q_r->value){
    $success = true;
    $this->{'PermanentUserOtps'}->patchEntity($q_r, ['status' => 'otp_confirmed']);
    $this->{'PermanentUserOtps'}->save($q_r);
    $user_id = $q_r->permanent_user_id;
    $q_pu = $this->{'PermanentUsers'}->find()->where(['PermanentUsers.id' =>$user_id])->first();
        if($q_pu){
		$this->{'PermanentUsers'}->patchEntity($q_pu, ['active' => 1]);
		$this->{'PermanentUsers'}->save($q_pu);
	} 								
	$this->response = $this->response->withHeader('Location', "http://1.0.0.0");      			
        return $this->response;
 
}else{