MultiFactorAuthenticationHandler

Implements the code required for integrating with Joomla's Multi-factor Authentication.

Please keep in mind that Joomla's MFA, like any MFA method, is designed to be user-interactive. Moreover, it's meant to be used in an HTML- and JavaScript-aware execution environment i.e. a web browser, web view or similar.

If your application is designed to work non-interactively (e.g. a JSON API application) or outside and HTML- and JavaScript-aware execution environments (e.g. CLI) you MUST NOT use this trait. Authentication should be either implicit (e.g. CLI) or using sufficiently secure non- interactive methods (tokens, certificates, ...).

Regarding the Joomla CMS itself, only the SiteApplication (frontend) and AdministratorApplication (backend) applications use this trait because of this reason. The CLI application is implicitly authorised at the highest level, whereas the ApiApplication encourages the use of tokens for authentication.

since

4.2.0

package

Joomla CMS

Methods

decryptLegacyTFAString

Tries to decrypt the legacy MFA configuration.

decryptLegacyTFAString(string secret, string stringToDecrypt) : string
see

https://github.com/joomla/joomla-cms/pull/12497

since

4.2.0

Arguments

secret

stringSite's secret key

stringToDecrypt

stringBase64-encoded and encrypted, JSON-encoded information

Response

stringDecrypted, but JSON-encoded, information

hasRejectedMultiFactorAuthenticationSetup

Does the user have a "don't show this again" flag?

hasRejectedMultiFactorAuthenticationSetup() : bool
since

4.2.0

Response

bool

isHandlingMultiFactorAuthentication

Handle the redirection to the Multi-factor Authentication captive login or setup page.

isHandlingMultiFactorAuthentication() : bool
throws

\Exception

since

4.2.0

Response

boolTrue if we are currently handling a Multi-factor Authentication captive page.

isMultiFactorAuthenticationPage

Is this a page concerning the Multi-factor Authentication feature?

isMultiFactorAuthenticationPage(bool onlyCaptive = false) : bool
since

4.2.0

Arguments

onlyCaptive

boolShould I only check for the MFA captive page?

Response

bool

isMultiFactorAuthenticationPending

Does the current user need to complete MFA authentication before being allowed to access the site?

isMultiFactorAuthenticationPending() : bool
throws

\Exception

since

4.2.0

Response

bool

migrateFromLegacyMFA

Automatically migrates a user's legacy MFA records into the new Captive MFA format.

migrateFromLegacyMFA() : void
since

4.2.0

needsMultiFactorAuthenticationRedirection

Check whether we'll need to do a redirection to the Multi-factor Authentication captive page.

needsMultiFactorAuthenticationRedirection() : bool
since

4.2.0

Response

bool