Multiple instances of 2F modules
Summary
Several of our users are starting to implement 2F, and a common requirement is the ability to have multiple instances of a single type of 2F.
Exemple:
- personnal phone SMS + work phone SMS
- main mail + backup (gmail etc) mail
- or just having two different OTP systems that both use "External 2F"
The easy solution is to simply copy the module code and add configuration in lemonldap-ng.ini. But I'm trying to implement a more generic solution, accessible through the manager.
Design proposition
After experimenting a little, modifying the code in 2F/Engines/Default.pm so that it loads the same module multiple times (overriden through Lib/OverConf.pm) seems to work.
So, in the init
function, I simply plan to load a the duplicate modules into $self->sfModules, and run
will do the right thing!
I had to make the "prefix" editable so, leading to routes such as /workphone2fcheck , /homephone2fcheck , and so on instead of /ext2fcheck.
The manager UI should be very similar to the UI of the "Combination" auth module, with the ability to add extra "2F" providers, and add overriden parameters for them.
I have planned to restrict this new ability to modules that do NOT have registration features for now.
Do you guys see any potential issues with this design?