require_mfa.rdoc

doc/guides/require_mfa.rdoc
Last Update: 2020-06-30 15:06:09 -0700

Require multifactor authentication after login

You may want to require multifactor authentication on login for people that have multifactor authentication set up. The require_authentication Rodauth method works for pages that require an authenticated user, but not for pages where authentication is optional.

You can set this up as follows:

plugin :rodauth do
  enable :login, :logout, :otp

  # If you don't want to show an error message when redirecting
  # to the multifactor authentication page.
  two_factor_need_authentication_error_flash nil

  # Display the same flash message after multifactor
  # authentication than is displayed after login
  two_factor_auth_notice_flash { login_notice_flash }
end

route do |r|
  r.rodauth

  if rodauth.logged_in? && rodauth.two_factor_authentication_setup?
    rodauth.require_two_factor_authenticated
  end

  # ...
end