GoogleAuthenticatorX: Add 2-step verification to MODX manager login.

Honestly when I wrote the extra tag (Add 2-step verification to your modx manager) I thought that everyone will know what is that, but thanks to you, now I know that i should consider a firm documentation and a better explanations and how-to.

When I implemented this Extra I expect it to be a real bad-ass for MODX and a big security enhancement for it. But seems i need to know how to advertise it. I'm still awaiting for any bug reports (i know some of them already ) or enhancement ideas.

Excellent contribution - thanks Mina!

I'd like to implement this on a forthcoming project where we may also extend this to web user accounts.

I've posted a comment to Github.

Thanks lokust.

Currently it works only on the backend (manager), I was planning to extend it to front-end logging & integrate it with "Login" add-on, however unexpectedly the downloads are so few, and not much interactions

It's just a matter of time before this contribution gets picked up I think Cryptography is certainly a buzz in certain expanding circles right now. Integrating with Login would be excellent!

I just tried to install this. Carefully followed directions (user is sudo) - clicked "Show Secret" -- nothing happened. Tried to email the barcode to myself. Tried to email the user to myself. No emails received. (Nothing in spam, either.) I became worried about getting locked out so I created a second admin user AND uninstalled this extra. Sure would like to be able to use it, though... Help?

What's in modx logs?

Quote from: quantiumtech at Jan 11, 2017, 01:16 AM

I just tried to install this. Carefully followed directions (user is sudo) - clicked "Show Secret" -- nothing happened. Tried to email the barcode to myself. Tried to email the user to myself. No emails received. (Nothing in spam, either.) I became worried about getting locked out so I created a second admin user AND uninstalled this extra. Sure would like to be able to use it, though... Help?

Thanks very much for the quick response, Mina! Sorry, but I'm a total noob to MODX. What logs/where?

Manage, Reports, Error Log
Also use chrome "developer tools" and tell what network activities occur when you click "show secret". There should be a post to "assets/components/GoogleAuthenticatorX/connectors/connector.php" with the ID of the user (opened profile user), the response is JSON of all settings (secret, QRcode URI, status, etc.).

Be careful not to publish sensitive information!

I'm off to sleep, will check you response at morning.

Quote from: quantiumtech at Jan 11, 2017, 02:20 AM

Thanks very much for the quick response, Mina! Sorry, but I'm a total noob to MODX. What logs/where?