Email OTP

Authentication ::: auth_emailotp
Maintained by Paweł Suwiński
Email One-Time Password Authentication.
Latest release:
30 sites
80 downloads
4 fans

Email One-Time Password Authentication


Validates credentials and password if exists in current session or generates ones for session time on empty password which is treated as one-time password request and sends it to an email. Matches only valid email from allowed domains using global allowemailaddresses and denyemailaddresses settings if set.

Additional security can be set:

  • revoke threshold: login failures limit causing revoke of the generated password, works independently of the account lockout (lockoutthreshold and lockoutwindow site security settings) and covers additionally signing up
  • minimum request period: a time in seconds after which another password can be generated

Signup and user creation on first login if not prevented (global setting authpreventaccountcreation) takes place only in case of using email as username (not to be confused with the authloginviaemail global setting) and parts of email address may be mapped to profile fields using PCRE expressions.

Auth instruction setting (global auth_instructions) is recommended depending on the adopted user account policy and plugin configuration.


User profile fields mapping


Usage example:

Pattern:

#(?P<FIRST>[^\.]+)\.(?P<LAST>[^@]+)@(?P<COMPANY>[^\.]+).*#

Mapping:

firstname:FIRST:ucfirst
lastname:LAST:ucfirst
institution:COMPANY:strtoupper

maps my.name@corp.com to:

firstname: My
lastname: Name
institution: CORP

Allowed modifiers: ucfirst, ucwords, strtoupper.

Screenshots

Screenshot #0
Screenshot #1
Screenshot #2
Screenshot #3
Screenshot #4

Contributors

Paweł Suwiński (Lead maintainer)
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
Please login to post comments