diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2016-12-12 08:16:10 -0500 |
|---|---|---|
| committer | enahum <nahumhbl@gmail.com> | 2016-12-12 10:16:10 -0300 |
| commit | 30a10d35a8406f4af96fcc8200c4e2173856837d (patch) | |
| tree | a2cc82592b3c7f6b6901d64fb4a3003180b7b154 /webapp/components/admin_console/mfa_settings.jsx | |
| parent | f0d71d87899967335210b9130a7e2b8d180bef46 (diff) | |
| download | chat-30a10d35a8406f4af96fcc8200c4e2173856837d.tar.gz chat-30a10d35a8406f4af96fcc8200c4e2173856837d.tar.bz2 chat-30a10d35a8406f4af96fcc8200c4e2173856837d.zip | |
PLT-4767 Implement MFA Enforcement (#4662)
* Create MFA setup page and remove MFA setup from account settings modal
* Add enforce MFA to system console and force redirect
* Lockdown mfa required API routes, add localization, other changes
* Minor fixes
* Fix typo
* Fix some unit tests
* Fix more unit tests
* Minor fix
* Updating UI for MFA screen (#4670)
* Updating UI for MFA screen
* Updating styles for MFA page
* Add the ability to switch between email/sso with MFA enabled
* Added mfa change email
* Minor UI updates for MFA enforcement
* Fix unit test
* Fix client unit test
* Allow switching email to ldap and back when MFA is enabled
* Fix unit test
* Revert config.json
Diffstat (limited to 'webapp/components/admin_console/mfa_settings.jsx')
| -rw-r--r-- | webapp/components/admin_console/mfa_settings.jsx | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/webapp/components/admin_console/mfa_settings.jsx b/webapp/components/admin_console/mfa_settings.jsx new file mode 100644 index 000000000..df6346fe4 --- /dev/null +++ b/webapp/components/admin_console/mfa_settings.jsx @@ -0,0 +1,99 @@ +// Copyright (c) 2016 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +import AdminSettings from './admin_settings.jsx'; +import SettingsGroup from './settings_group.jsx'; +import BooleanSetting from './boolean_setting.jsx'; + +import React from 'react'; +import {FormattedMessage, FormattedHTMLMessage} from 'react-intl'; + +export default class MfaSettings extends AdminSettings { + constructor(props) { + super(props); + + this.getConfigFromState = this.getConfigFromState.bind(this); + + this.renderSettings = this.renderSettings.bind(this); + + this.state = Object.assign(this.state, { + enableMultifactorAuthentication: props.config.ServiceSettings.EnableMultifactorAuthentication, + enforceMultifactorAuthentication: props.config.ServiceSettings.EnforceMultifactorAuthentication + }); + } + + getConfigFromState(config) { + config.ServiceSettings.EnableMultifactorAuthentication = this.state.enableMultifactorAuthentication; + config.ServiceSettings.EnforceMultifactorAuthentication = this.state.enableMultifactorAuthentication && this.state.enforceMultifactorAuthentication; + + return config; + } + + getStateFromConfig(config) { + return { + enableMultifactorAuthentication: config.ServiceSettings.EnableMultifactorAuthentication, + enforceMultifactorAuthentication: config.ServiceSettings.EnableMultifactorAuthentication && config.ServiceSettings.EnforceMultifactorAuthentication + }; + } + + renderTitle() { + return ( + <h3> + <FormattedMessage + id='admin.mfa.title' + defaultMessage='Multi-factor Authentication' + /> + </h3> + ); + } + + renderSettings() { + return ( + <SettingsGroup> + <div className='banner'> + <div className='banner__content'> + <FormattedMessage + id='admin.mfa.bannerDesc' + defaultMessage='Multi-factor authentication is only available for accounts with LDAP and email login methods. If there are users on your system with other login methods, it is recommended you set up multi-factor authentication directly with the SSO or SAML provider.' + /> + </div> + </div> + <BooleanSetting + id='enableMultifactorAuthentication' + label={ + <FormattedMessage + id='admin.service.mfaTitle' + defaultMessage='Enable Multi-factor Authentication:' + /> + } + helpText={ + <FormattedMessage + id='admin.service.mfaDesc' + defaultMessage='When true, users will be given the option to add multi-factor authentication to their account. They will need a smartphone and an authenticator app such as Google Authenticator.' + /> + } + value={this.state.enableMultifactorAuthentication} + onChange={this.handleChange} + /> + <BooleanSetting + id='enforceMultifactorAuthentication' + label={ + <FormattedMessage + id='admin.service.enforceMfaTitle' + defaultMessage='Enforce Multi-factor Authentication:' + /> + } + helpText={ + <FormattedHTMLMessage + id='admin.service.enforceMfaDesc' + defaultMessage='When true, users on the system will be required to set up [multi-factor authentication]. Any logged in users will be redirected to the multi-factor authentication setup page until they successfully add MFA to their account.<br/><br/>It is recommended you turn on enforcement during non-peak hours, when people are less likely to be using the system. New users will be required to set up multi-factor authentication when they first sign up. After set up, users will not be able to remove multi-factor authentication unless enforcement is disabled.<br/><br/>Please note that multi-factor authentication is only available for accounts with LDAP and email login methods. Mattermost will not enforce multi-factor authentication for other login methods. If there are users on your system using other login methods, it is recommended you set up and enforce multi-factor authentication directly with the SSO or SAML provider.' + /> + } + disabled={!this.state.enableMultifactorAuthentication} + value={this.state.enforceMultifactorAuthentication} + onChange={this.handleChange} + /> + </SettingsGroup> + ); + } +} |