Merge branch 'feature/otp' into develop

author: Chocobozzz <me@florianbigard.com> 2022-10-10 11:19:58 +0200
committer: Chocobozzz <me@florianbigard.com> 2022-10-10 11:19:58 +0200
commit: 63fa260a81a8930c157b73c897fe8696a8cc90d4 (patch)
tree: 705ebfae42f9c59b2a1ac97779e4037102dfed1c /support
parent: 9b99d32804e99462c6f22df3ec3db9ec5bf8a18c (diff)
parent: 1ea868a9456439108fbd87255537093ed8bd456f (diff)
download: PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.gz
PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.zst
PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.zip
5 files changed, 121 insertions, 2 deletions
diff --git a/support/doc/api/openapi.yaml b/support/doc/api/openapi.yaml
index c62310b76..2fb154dbd 100644
--- a/support/doc/api/openapi.yaml
+++ b/support/doc/api/openapi.yaml
@@ -1126,6 +1126,97 @@ paths:
        '404':
          description: user not found
+  /users/{id}/two-factor/request:
+    post:
+      summary: Request two factor auth
+      operationId: requestTwoFactor
+      description: Request two factor authentication for a user
+      tags:
+        - Users
+      parameters:
+        - $ref: '#/components/parameters/id'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                currentPassword:
+                  type: string
+                  description: Password of the currently authenticated user
+      responses:
+        '200':
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/RequestTwoFactorResponse'
+        '403':
+          description: invalid password
+        '404':
+          description: user not found
+  /users/{id}/two-factor/confirm-request:
+    post:
+      summary: Confirm two factor auth
+      operationId: confirmTwoFactorRequest
+      description: Confirm a two factor authentication request
+      tags:
+        - Users
+      parameters:
+        - $ref: '#/components/parameters/id'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                requestToken:
+                  type: string
+                  description: Token to identify the two factor request
+                otpToken:
+                  type: string
+                  description: OTP token generated by the app
+              required:
+                - requestToken
+                - otpToken
+      responses:
+        '204':
+          description: successful operation
+        '403':
+          description: invalid request token or OTP token
+        '404':
+          description: user not found
+  /users/{id}/two-factor/disable:
+    post:
+      summary: Disable two factor auth
+      operationId: disableTwoFactor
+      description: Disable two factor authentication of a user
+      tags:
+        - Users
+      parameters:
+        - $ref: '#/components/parameters/id'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                currentPassword:
+                  type: string
+                  description: Password of the currently authenticated user
+      responses:
+        '204':
+          description: successful operation
+        '403':
+          description: invalid password
+        '404':
+          description: user not found
  /users/ask-send-verify-email:
    post:
      summary: Resend user verification link
@@ -8146,6 +8237,21 @@ components:
          description: User can select live latency mode if enabled by the instance
          $ref: '#/components/schemas/LiveVideoLatencyMode'
+    RequestTwoFactorResponse:
+      properties:
+        otpRequest:
+          type: object
+          properties:
+            requestToken:
+              type: string
+              description: The token to send to confirm this request
+            secret:
+              type: string
+              description: The OTP secret
+            uri:
+              type: string
+              description: The OTP URI
    VideoStudioCreateTask:
      type: array
      items:
diff --git a/support/doc/docker.md b/support/doc/docker.md
index 97eecc3ad..267863a4d 100644
--- a/support/doc/docker.md
+++ b/support/doc/docker.md
@@ -49,6 +49,7 @@ In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/mas
 - `<MY POSTGRES PASSWORD>`
 - `<MY DOMAIN>` without 'https://'
 - `<MY EMAIL ADDRESS>`
+- `<MY PEERTUBE SECRET>`
 Other environment variables are used in
 [/support/docker/production/config/custom-environment-variables.yaml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/custom-environment-variables.yaml) and can be
diff --git a/support/doc/production.md b/support/doc/production.md
index 64ddd9e48..b400ac451 100644
--- a/support/doc/production.md
+++ b/support/doc/production.md
@@ -115,8 +115,14 @@ $ cd /var/www/peertube
 $ sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml
 ```
-Then edit the `config/production.yaml` file according to your webserver
+Then edit the `config/production.yaml` file according to your webserver and database configuration. In particular:
-and database configuration (`webserver`, `database`, `redis`, `smtp` and `admin.email` sections in particular).
+ * `webserver`: Reverse proxy public information
+ * `secrets`: Secret strings you must generate manually (PeerTube version >= 5.0)
+ * `database`: PostgreSQL settings
+ * `redis`: Redis settings
+ * `smtp`: If you want to use emails
+ * `admin.email`: To correctly fill `root` user email
 Keys defined in `config/production.yaml` will override keys defined in `config/default.yaml`.
 **PeerTube does not support webserver host change**. Even though [PeerTube CLI can help you to switch hostname](https://docs.joinpeertube.org/maintain-tools?id=update-hostjs) there's no official support for that since it is a risky operation that might result in unforeseen errors.
diff --git a/support/docker/production/.env b/support/docker/production/.env
index 4e7b21ab6..b4e356a58 100644
--- a/support/docker/production/.env
+++ b/support/docker/production/.env
@@ -22,6 +22,9 @@ PEERTUBE_WEBSERVER_HOSTNAME=<MY DOMAIN>
 # pass them as a comma separated array:
 PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]
+# Generate one using `openssl rand -hex 32`
+PEERTUBE_SECRET=<MY PEERTUBE SECRET>
 # E-mail configuration
 # If you use a Custom SMTP server
 #PEERTUBE_SMTP_USERNAME=
diff --git a/support/docker/production/config/custom-environment-variables.yaml b/support/docker/production/config/custom-environment-variables.yaml
index 9c84428b7..1d889fe7d 100644
--- a/support/docker/production/config/custom-environment-variables.yaml
+++ b/support/docker/production/config/custom-environment-variables.yaml
@@ -7,6 +7,9 @@ webserver:
    __name: "PEERTUBE_WEBSERVER_HTTPS"
    __format: "json"
+secrets:
+  peertube: "PEERTUBE_SECRET"
 trust_proxy:
  __name: "PEERTUBE_TRUST_PROXY"
  __format: "json"
author	Chocobozzz <me@florianbigard.com>	2022-10-10 11:19:58 +0200
committer	Chocobozzz <me@florianbigard.com>	2022-10-10 11:19:58 +0200
commit	63fa260a81a8930c157b73c897fe8696a8cc90d4 (patch)
tree	705ebfae42f9c59b2a1ac97779e4037102dfed1c /support
parent	9b99d32804e99462c6f22df3ec3db9ec5bf8a18c (diff)
parent	1ea868a9456439108fbd87255537093ed8bd456f (diff)
download	PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.gz PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.zst PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.zip

diff --git a/support/doc/api/openapi.yaml b/support/doc/api/openapi.yaml index c62310b76..2fb154dbd 100644 --- a/support/doc/api/openapi.yaml +++ b/support/doc/api/openapi.yaml
@@ -1126,6 +1126,97 @@ paths:
1126	'404':	1126	'404':
1127	description: user not found	1127	description: user not found
1128		1128
		1129	/users/{id}/two-factor/request:
		1130	post:
		1131	summary: Request two factor auth
		1132	operationId: requestTwoFactor
		1133	description: Request two factor authentication for a user
		1134	tags:
		1135	- Users
		1136	parameters:
		1137	- $ref: '#/components/parameters/id'
		1138	requestBody:
		1139	content:
		1140	application/json:
		1141	schema:
		1142	type: object
		1143	properties:
		1144	currentPassword:
		1145	type: string
		1146	description: Password of the currently authenticated user
		1147	responses:
		1148	'200':
		1149	description: successful operation
		1150	content:
		1151	application/json:
		1152	schema:
		1153	type: array
		1154	items:
		1155	$ref: '#/components/schemas/RequestTwoFactorResponse'
		1156	'403':
		1157	description: invalid password
		1158	'404':
		1159	description: user not found
		1160
		1161	/users/{id}/two-factor/confirm-request:
		1162	post:
		1163	summary: Confirm two factor auth
		1164	operationId: confirmTwoFactorRequest
		1165	description: Confirm a two factor authentication request
		1166	tags:
		1167	- Users
		1168	parameters:
		1169	- $ref: '#/components/parameters/id'
		1170	requestBody:
		1171	content:
		1172	application/json:
		1173	schema:
		1174	type: object
		1175	properties:
		1176	requestToken:
		1177	type: string
		1178	description: Token to identify the two factor request
		1179	otpToken:
		1180	type: string
		1181	description: OTP token generated by the app
		1182	required:
		1183	- requestToken
		1184	- otpToken
		1185	responses:
		1186	'204':
		1187	description: successful operation
		1188	'403':
		1189	description: invalid request token or OTP token
		1190	'404':
		1191	description: user not found
		1192
		1193	/users/{id}/two-factor/disable:
		1194	post:
		1195	summary: Disable two factor auth
		1196	operationId: disableTwoFactor
		1197	description: Disable two factor authentication of a user
		1198	tags:
		1199	- Users
		1200	parameters:
		1201	- $ref: '#/components/parameters/id'
		1202	requestBody:
		1203	content:
		1204	application/json:
		1205	schema:
		1206	type: object
		1207	properties:
		1208	currentPassword:
		1209	type: string
		1210	description: Password of the currently authenticated user
		1211	responses:
		1212	'204':
		1213	description: successful operation
		1214	'403':
		1215	description: invalid password
		1216	'404':
		1217	description: user not found
		1218
		1219
1129	/users/ask-send-verify-email:	1220	/users/ask-send-verify-email:
1130	post:	1221	post:
1131	summary: Resend user verification link	1222	summary: Resend user verification link
@@ -8146,6 +8237,21 @@ components:
8146	description: User can select live latency mode if enabled by the instance	8237	description: User can select live latency mode if enabled by the instance
8147	$ref: '#/components/schemas/LiveVideoLatencyMode'	8238	$ref: '#/components/schemas/LiveVideoLatencyMode'
8148		8239
		8240	RequestTwoFactorResponse:
		8241	properties:
		8242	otpRequest:
		8243	type: object
		8244	properties:
		8245	requestToken:
		8246	type: string
		8247	description: The token to send to confirm this request
		8248	secret:
		8249	type: string
		8250	description: The OTP secret
		8251	uri:
		8252	type: string
		8253	description: The OTP URI
		8254
8149	VideoStudioCreateTask:	8255	VideoStudioCreateTask:
8150	type: array	8256	type: array
8151	items:	8257	items:


diff --git a/support/doc/docker.md b/support/doc/docker.md index 97eecc3ad..267863a4d 100644 --- a/support/doc/docker.md +++ b/support/doc/docker.md
@@ -49,6 +49,7 @@ In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/mas
49	- `<MY POSTGRES PASSWORD>`	49	- `<MY POSTGRES PASSWORD>`
50	- `<MY DOMAIN>` without 'https://'	50	- `<MY DOMAIN>` without 'https://'
51	- `<MY EMAIL ADDRESS>`	51	- `<MY EMAIL ADDRESS>`
		52	- `<MY PEERTUBE SECRET>`
52		53
53	Other environment variables are used in	54	Other environment variables are used in
54	[/support/docker/production/config/custom-environment-variables.yaml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/custom-environment-variables.yaml) and can be	55	[/support/docker/production/config/custom-environment-variables.yaml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/custom-environment-variables.yaml) and can be


diff --git a/support/doc/production.md b/support/doc/production.md index 64ddd9e48..b400ac451 100644 --- a/support/doc/production.md +++ b/support/doc/production.md
@@ -115,8 +115,14 @@ $ cd /var/www/peertube
115	$ sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml	115	$ sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml
116	```	116	```
117		117
118	Then edit the `config/production.yaml` file according to your webserver	118	Then edit the `config/production.yaml` file according to your webserver and database configuration. In particular:
119	and database configuration (`webserver`, `database`, `redis`, `smtp` and `admin.email` sections in particular).	119	* `webserver`: Reverse proxy public information
		120	* `secrets`: Secret strings you must generate manually (PeerTube version >= 5.0)
		121	* `database`: PostgreSQL settings
		122	* `redis`: Redis settings
		123	* `smtp`: If you want to use emails
		124	* `admin.email`: To correctly fill `root` user email
		125
120	Keys defined in `config/production.yaml` will override keys defined in `config/default.yaml`.	126	Keys defined in `config/production.yaml` will override keys defined in `config/default.yaml`.
121		127
122	PeerTube does not support webserver host change. Even though [PeerTube CLI can help you to switch hostname](https://docs.joinpeertube.org/maintain-tools?id=update-hostjs) there's no official support for that since it is a risky operation that might result in unforeseen errors.	128	PeerTube does not support webserver host change. Even though [PeerTube CLI can help you to switch hostname](https://docs.joinpeertube.org/maintain-tools?id=update-hostjs) there's no official support for that since it is a risky operation that might result in unforeseen errors.


diff --git a/support/docker/production/.env b/support/docker/production/.env index 4e7b21ab6..b4e356a58 100644 --- a/support/docker/production/.env +++ b/support/docker/production/.env
@@ -22,6 +22,9 @@ PEERTUBE_WEBSERVER_HOSTNAME=<MY DOMAIN>
22	# pass them as a comma separated array:	22	# pass them as a comma separated array:
23	PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]	23	PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]
24		24
		25	# Generate one using `openssl rand -hex 32`
		26	PEERTUBE_SECRET=<MY PEERTUBE SECRET>
		27
25	# E-mail configuration	28	# E-mail configuration
26	# If you use a Custom SMTP server	29	# If you use a Custom SMTP server
27	#PEERTUBE_SMTP_USERNAME=	30	#PEERTUBE_SMTP_USERNAME=


diff --git a/support/docker/production/config/custom-environment-variables.yaml b/support/docker/production/config/custom-environment-variables.yaml index 9c84428b7..1d889fe7d 100644 --- a/support/docker/production/config/custom-environment-variables.yaml +++ b/support/docker/production/config/custom-environment-variables.yaml
@@ -7,6 +7,9 @@ webserver:
7	__name: "PEERTUBE_WEBSERVER_HTTPS"	7	__name: "PEERTUBE_WEBSERVER_HTTPS"
8	__format: "json"	8	__format: "json"
9		9
		10	secrets:
		11	peertube: "PEERTUBE_SECRET"
		12
10	trust_proxy:	13	trust_proxy:
11	__name: "PEERTUBE_TRUST_PROXY"	14	__name: "PEERTUBE_TRUST_PROXY"
12	__format: "json"	15	__format: "json"