Company: Link Technologies
Case No: L12243. Project: 12.40: LinkSOFT Version 12.40 - 12.41
Logged By: Sanjay (Link Technologies) on 09 Nov 2020 08:52AM
Priority: Medium
Product: Framework
Group: New Feature
Time Taken: 26.00 (Weight: 26.00)
Version: 12.41
Assigned To: Sanjay (Link Technologies)
Circulation: Alvis, Rashna, Sanjay
Resolve By: Thursday, 06 May 2021 08:27 AM [1236 days since logged date]
Status: Closed
Subject: Add two-factor authentication to Linksoft web - Authenticator APP
Summary:    

To strengthen security, we need to add another factor into the authentication system.

We intend to implement the following second factors into the authentication system:

  1. Microsoft Authenticator

In version 12.40, we will implement Email Authentication as the second factor, followed by 2 and 3 in future versions. 

Design:

  1. When a user registers, we have a checkbox that will allow the user to select if Email authentication is enforced
  2. Administrators will be able to Enable/Disable the second-factor authentication
  3. Once the second-factor authentication is enabled, only the Administrator can disable 
  4. Two-factor authentication will not be implemented on POS as this is an on-premise system that is not accessible from external networks.
Audit Notes:Edited by sanjay on 30/04/21 15:35. Edited by sanjay on 30/04/21 15:34. 
30 Apr 202103:39PM Comment 1 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 04-05-2021 03:35 PM Time Taken: 22.00
PART A - Development work for this case has been completed.

1. The change will be available in version:12.40 Development Environment

2. The following changes were made(Include Database object names, Program classes, and any other relevant information):

  1. Added a flag on User Maintenance called "Enable Two Factor Authentication - Authenticator App"
  2. Added ability for a user to register for Two Factor when "changing Password". We need this at Change Password as the Account needs to be active.
  3. Added ability for Administrator to Enable/Disable 2FA from User Maintenance
  4. Added code to Login form to implement 2FA
  5. If Email and App TFA is enabled, the APP TFA is ignored.

3. Affected Areas:

  1. User Maintenance
  2. Change Password
  3. Create New User
  4. Login Form

4. The issue was caused by:

  1. Improvement and Expand 2FA

5. Notes
6. Next Step
(Review and System Test (Developer) -> UAT (Quality) -> Documentation): UAT and Provide suggestions. Use Link247 Development Environment to test.


03 May 202102:04PM Comment 2 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 04-05-2021 01:55 PM Time Taken: 1.00
QA Results
Tests carried out according to requirements specified on the case header

Test Results Summary

Table 1 - Summarised list of issues
NoTest DescriptionPass/Fail
1Added a flag on User Maintenance called "Enable Two Factor Authentication
Pass
2Added ability for a user to register for Two Factor when "changing Password".
Pass
3

Added ability for Administrator to Enable/Disable 2FA from User Maintenance.

Pass
4
  1. Create a new account as Sahana
  2. Login and go to "Change Password".
  3. Enter 123 under "Validate My Code",
  4. Tick "Check this box to ENABLE Two-factor Authentication (2FA)
  5. Click on "Enable 2FA"
  6. This should not enable 2FA because the code is invalid

Fails.

2FA is enabled with an invalid code.


Environment Details

  1. OS version: Windows Server 2012
  2. Application version: 12.400428GA
  3. Setup: Demo
  4. Server : 10.0.0.14
  5. Database: DEV-LINKSOFT

Next Step

  1. For Review

    04 May 202108:31AM Comment 3 by Sanjay (Link Technologies) Assigned To: Alvis (Link Technologies) Followup Date: 06-05-2021 08:27 AM Time Taken: 1.00 Notes: ETC extended from: 30/05/2021 to 06/05/2021

    Hi Rashna, the purpose of "Verify QR Code" is to Verify that the AP is set up properly. It is not a mandatory step.

    Alvis, please document the 2FA so the users understand the purpose of "Verify QR Code".


    04 May 202108:32AM Comment 4 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 05-05-2021 08:31 AM Time Taken: 1.00 Notes: Edited by sanjay on 04/05/21 08:33. 
    Note for documentation: You can setup multiple devices to a single login, I have not restricted this in this version.

    04 May 202111:43AM Comment 5 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 05-05-2021 11:42 AM Time Taken: 1.00
    Documentation completed

    04 May 202102:16PM Comment 6 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 05-05-2021 02:15 PM
    Thanks guys

    If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L12243 in the subject line of all emails regarding this issue.

    Document size: 9.5 KB
    For call complaints, please contact the Managing Director of the company using this form