
feat(BA-1289): Allow anonymous users register TOTP key #4354


Merged
merged 26 commits into from
May 28, 2025

Conversation

@fregataa fregataa (Member) commented May 8, 2025

resolves #4324 (BA-1289)

Auth Flow

1. First login trial

Call POST <WEBSERVER_ENDPOINT>/server/login

The response JSON looks like the following:

{
    "authenticated": false,
    "data": {
        "type": "https://api.backend.ai/probs/require-totp-registration",
        "title": "Two-Factor Authentication registration required.",
        "details": "You must register Two-Factor Authentication.",
        "two_factor_registration_token": "eyJh..."
    }
}

2. TOTP activation

Call POST <WEBSERVER_ENDPOINT>/func/totp/anon with the JSON data below:

{
    "registration_token": "eyJh..."
}

The response JSON looks like the following:

{
    "totp_key": "5ES3...",
    "totp_uri": "..."
}

3. After registering the TOTP key - login retry

Call POST <WEBSERVER_ENDPOINT>/server/login

The response JSON looks like the following:

{
    "authenticated": false,
    "data": {
        "type": "https://api.backend.ai/probs/require-totp-authentication",
        "title": "Two-Factor Authentication needed.",
        "details": "You must authenticate using Two-Factor Authentication."
    }
}

Checklist: (if applicable)

  • Milestone metadata specifying the target backport version
  • Mention of the original issue
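The three-step exchange described above, driven end to end. This is an added example, not Backend.AI's client or webserver code: the paths and problem-type URIs are the ones in the description, while the `otp` field on the login retry, the in-memory `FakeWebServer`, the sample registration token and the RFC 6238 seed key are assumptions made so the flow runs offline. The TOTP computation is the standard HMAC-SHA1 scheme authenticator apps use, so the `totp_key` returned by the anon endpoint feeds straight into it.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

# Paths and problem-type URIs as given in the PR description.
LOGIN_PATH = "/server/login"
TOTP_ANON_PATH = "/func/totp/anon"
REQUIRE_TOTP_REGISTRATION = "https://api.backend.ai/probs/require-totp-registration"
REQUIRE_TOTP_AUTH = "https://api.backend.ai/probs/require-totp-authentication"


def totp_code(key_b32: str, at: int, *, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step): what an authenticator app derives
    from the base32 ``totp_key`` returned by the anon endpoint."""
    key = base64.b32decode(key_b32.upper() + "=" * (-len(key_b32) % 8))
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class FakeWebServer:
    """Constructed stand-in that answers as the PR text describes (not Backend.AI
    code). The ``otp`` login field and the token format are assumptions."""

    def __init__(self, password: str, now: int) -> None:
        self.password = password
        self.now = now  # fixed clock so the example is deterministic
        self.registration_token = "eyJh.constructed.sample"  # constructed sample value
        self.token_spent = False
        self.totp_key: str | None = None

    def post(self, path: str, body: dict) -> dict:
        if path == TOTP_ANON_PATH:
            presented = body.get("registration_token", "")
            if self.token_spent or not hmac.compare_digest(presented, self.registration_token):
                return {"type": "about:blank", "title": "Invalid registration token"}
            self.token_spent = True  # single use: a replayed token must not re-enroll
            self.totp_key = base64.b32encode(b"12345678901234567890").decode()  # RFC 6238 seed
            return {"totp_key": self.totp_key,
                    "totp_uri": f"otpauth://totp/backend.ai:user?secret={self.totp_key}"}
        if path == LOGIN_PATH:
            if not hmac.compare_digest(body.get("password", ""), self.password):
                return {"authenticated": False, "data": {"type": "about:blank", "title": "Bad credentials"}}
            if self.totp_key is None:  # step 1: no key yet, hand out a registration token
                return {"authenticated": False, "data": {
                    "type": REQUIRE_TOTP_REGISTRATION,
                    "title": "Two-Factor Authentication registration required.",
                    "two_factor_registration_token": self.registration_token}}
            if "otp" not in body:  # step 3: key registered, now demand a code
                return {"authenticated": False, "data": {
                    "type": REQUIRE_TOTP_AUTH, "title": "Two-Factor Authentication needed."}}
            if not hmac.compare_digest(body["otp"], totp_code(self.totp_key, self.now)):
                return {"authenticated": False, "data": {"type": "about:blank", "title": "Bad OTP"}}
            return {"authenticated": True, "data": {}}
        return {"type": "about:blank", "title": "Not found"}


@dataclass
class Outcome:
    authenticated: bool
    totp_key: str | None = None
    steps: list[str] = field(default_factory=list)  # problem types seen, then "ok"


def login_with_totp_enrollment(post, username: str, password: str, now: int) -> Outcome:
    """Drive the flow: login -> register a key via the anon endpoint -> login again
    -> answer the TOTP challenge. ``post(path, body)`` is the HTTP transport."""
    out = Outcome(False)
    creds = {"username": username, "password": password}
    for _ in range(3):  # bounded: registration, challenge, success
        resp = post(LOGIN_PATH, dict(creds))
        if resp.get("authenticated"):
            out.authenticated = True
            out.steps.append("ok")
            return out
        kind = resp.get("data", {}).get("type")
        out.steps.append(kind or "unknown")
        if kind == REQUIRE_TOTP_REGISTRATION:
            token = resp["data"]["two_factor_registration_token"]
            reg = post(TOTP_ANON_PATH, {"registration_token": token})
            if "totp_key" not in reg:
                return out
            out.totp_key = reg["totp_key"]  # a real client shows reg["totp_uri"] as a QR code
        elif kind == REQUIRE_TOTP_AUTH:
            if out.totp_key is None:
                return out  # key lives only in the user's app: prompt for the code instead
            creds["otp"] = totp_code(out.totp_key, now)
        else:
            return out
    return out
```

The point to keep in mind when wiring this up for real: `/func/totp/anon` is reachable without a session, so the `two_factor_registration_token` is the only thing gating who gets to bind a key to the account. Treat it as a bearer credential: send it only over TLS to the webserver that issued it, never log it, and have the server make it short-lived and single-use, as the stand-in above does by rejecting a replayed token.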

@fregataa fregataa added this to the 25Q2 milestone May 8, 2025
@fregataa fregataa self-assigned this May 8, 2025
@github-actions github-actions bot added size:S 10~30 LoC comp:manager Related to Manager component comp:common Related to Common component comp:webserver Related to Web Server component labels May 8, 2025
@github-actions github-actions bot added size:XS ~10 LoC and removed size:S 10~30 LoC labels May 8, 2025
@github-actions github-actions bot added size:M 30~100 LoC comp:client Related to Client component and removed size:XS ~10 LoC labels May 12, 2025
@github-actions github-actions bot added size:L 100~500 LoC and removed size:M 30~100 LoC labels May 12, 2025
@fregataa fregataa requested a review from yomybaby May 12, 2025 13:54
@fregataa fregataa requested a review from HyeockJinKim May 16, 2025 10:29
@fregataa fregataa requested a review from HyeockJinKim May 23, 2025 14:04
@fregataa fregataa marked this pull request as ready for review May 23, 2025 14:07
@fregataa fregataa requested a review from ironAiken2 May 27, 2025 10:04
@ironAiken2 ironAiken2 (Contributor) left a comment


LGTM

Comment on lines 72 to 74:
AuthAuthResponseType = (
AuthSuccessResponse | RequireTwoFactorRegistrationResponse | RequireTwoFactorAuthResponse
)
Collaborator:

This type doesn't seem necessary.

@fregataa fregataa requested a review from HyeockJinKim May 28, 2025 09:20
@HyeockJinKim HyeockJinKim added this pull request to the merge queue May 28, 2025
Merged via the queue into main with commit f56441b May 28, 2025
29 checks passed
@HyeockJinKim HyeockJinKim deleted the feat/anonymous-totp branch May 28, 2025 09:39
Labels
comp:client Related to Client component comp:common Related to Common component comp:manager Related to Manager component comp:webserver Related to Web Server component size:L 100~500 LoC
Development

Successfully merging this pull request may close these issues.

Check TOTP status in manager POST_AUTHORIZE hook
3 participants