MultiFactorAuthenticationHandler

Implements the code required for integrating with Joomla's Multi-factor Authentication.

Please keep in mind that Joomla's MFA, like any MFA method, is designed to be user-interactive. Moreover, it is meant to be used in an HTML- and JavaScript-aware execution environment, i.e. a web browser, web view or similar.

If your application is designed to work non-interactively (e.g. a JSON API application) or outside an HTML- and JavaScript-aware execution environment (e.g. CLI), you MUST NOT use this trait. Authentication should be either implicit (e.g. CLI) or use sufficiently secure non-interactive methods (tokens, certificates, ...).

In the Joomla CMS itself, only the SiteApplication (frontend) and AdministratorApplication (backend) applications use this trait, for this reason. The CLI application is implicitly authorised at the highest level, whereas the ApiApplication encourages the use of tokens for authentication.

since

4.2.0

package

Joomla CMS

Methods

decryptLegacyTFAString

Tries to decrypt the legacy MFA configuration.

decryptLegacyTFAString(string $secret, string $stringToDecrypt) : string

see

https://github.com/joomla/joomla-cms/pull/12497

since

4.2.0

Arguments

secret

string: Site's secret key

stringToDecrypt

string: Base64-encoded and encrypted, JSON-encoded information

Response

string: Decrypted, but JSON-encoded, information

hasRejectedMultiFactorAuthenticationSetup

Does the user have a "don't show this again" flag?

hasRejectedMultiFactorAuthenticationSetup() : bool

since

4.2.0

Response

bool

isHandlingMultiFactorAuthentication

Handle the redirection to the Multi-factor Authentication captive login or setup page.

isHandlingMultiFactorAuthentication() : bool

throws

Exception

since

4.2.0

Response

bool: True if we are currently handling a Multi-factor Authentication captive page.

isMultiFactorAuthenticationPage

Is this a page concerning the Multi-factor Authentication feature?

isMultiFactorAuthenticationPage(bool $onlyCaptive = false) : bool

since

4.2.0

Arguments

onlyCaptive

bool: Should I only check for the MFA captive page?

Response

bool

isMultiFactorAuthenticationPending

Does the current user need to complete MFA before being allowed to access the site?

isMultiFactorAuthenticationPending() : bool

throws

Exception

since

4.2.0

Response

bool

migrateFromLegacyMFA

Automatically migrates a user's legacy MFA records into the new Captive MFA format.

migrateFromLegacyMFA() : void

since

4.2.0

Response

void

needsMultiFactorAuthenticationRedirection

Check whether we'll need to do a redirection to the Multi-factor Authentication captive page.

needsMultiFactorAuthenticationRedirection() : bool

since

4.2.0

Response

bool