Post by eay3vjf27a » Thu Feb 04, 2021 8:45 pm

Hello,

I am using Opencart v3.0.2.0, without any particular extension. I made some modifications myself on some functions, but I did not touch anything concerning the files which manage the login process, I have difficulty understanding how it works.

I don't have the level to make a modification on a point as sensitive as the login process of Opencart, so rather than risk creating a loophole, what better than to ask for help directly from the community which has gave life to this project?

What I want is that in addition to entering their email and password to login, customers have to prove their identities with PGP, if and only if a public PGP key is present in their profiles (I added a custom field that they are free to complete or not in the account / edit page).

assumption: 2-FA in two steps, email + password, then must decrypt a PGP message

Client enters his email and password -> If no public PGP key added in his profile (or corrupted key, or it is not a PGP key), client is connected. Otherwise, if client has a public PGP key, a token is generated, encrypted with its public key -> Client must decrypt the message and paste the token in a field -> If the token entered is valid, client is connected, otherwise error and return on the login page.

I have already done some research and I thought to integrate this script to generate the token, encrypt it, and compare it to the client's entry: https://github.com/hardest1/pgp-2fa

Where I encounter a problem is that I do not know where to integrate it in the login function (normal, I do not understand anything about its operation ^^⁾, and also, I have to modify the login.twig file to show the text field that will contain the encrypted message, and the text field in which the client will enter the token after decryption (either a new page is loaded to display these two fields, or with a kind of window that unfolds, like on the checkout page, with the flaps that unfold as you advance in the ordering process).

I have done a lot of research and I have not found anyone who has already done this on Opencart, I hope your help can solve this problem. I will gladly give a tip to the one or those who will make me this modification;)

I hope to have been as clear as possible in what I want to do, I look forward to your answers!

Thank you in advance.

Newbie

Posts

Joined
Wed Oct 30, 2019 4:29 am

Post by kestas » Fri Feb 05, 2021 3:18 am


Custom OpenCart modules and solutions. You can write PM with additional questions... Extensions you can find here


Active Member

Posts

Joined
Tue Oct 12, 2010 2:23 am

Post by eay3vjf27a » Fri Feb 05, 2021 5:04 am

Thank you but I need PGP authentication, no sms or other. For customer only, not admin panel.

Newbie

Posts

Joined
Wed Oct 30, 2019 4:29 am
Who is online

Users browsing this forum: No registered users and 40 guests