OTP / 2FA in Survey

Más
1 mes 1 semana antes #186497 por theendeavorist
Hey peeps,

I have searched the forum for an answer but couldn't find anything directly related:

The challenge for today: Is it possible to set up a 2FA/OTP (email/sms etc) in a Survey?

What I want to do is to have a survey with X questions, ending with a button which will send an One Time Password to the email address the specific survey has been sent out to. This OTP can then be entered in a field, the user click send/finish survey, the code gets validated and if correct, the Survey is finished. If the OTP is entered incorrect, the survey is not submitted.

What this solves in practice is that the person who owns the emailaddress/mailbox, needs to have access to this box. If the email/survey has been forwarded to someone else, they can't enter the OTP since it's going to the original email address for the specific survey.

Looking forward to your ideas and thanks for the feedback!

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

LimeSurvey Partners
Más
1 mes 1 semana antes #186503 por DenisChenu
Respuesta de DenisChenu sobre el tema OTP / 2FA in Survey
Hi,

You must do a plugin for this

1. manual.limesurvey.org/AfterSurveyComplete to create the OTP and send the email
2. manual.limesurvey.org/NewDirectRequest to validate and show a page

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .
El siguiente usuario dijo gracias: cdorin, theendeavorist

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
1 mes 1 semana antes #186513 por Joffm
Respuesta de Joffm sobre el tema OTP / 2FA in Survey
To understand correctly:
After answering the questions - but before submitting - a password is created and sent to the respondent.
On the next page the respondent has to enter this password.
If correct he is able to submit.

I did this by an ajax call like this:
<script type="text/javascript" charset="utf-8">
$(document).on('ready pjax:scriptcomplete',function(){
  $.post('https://www.myServer.de/sendCode.php' , { pw: "{e1PW}", email: "{email}" },function(data) {
 
                   $('#question{QID} input[type="text"]').val(data)
 
			});
 $('#question{QID}').hide();
	});
</script>

sendCode.php is a very simple script that only sends the code to the email address.
Like this:
$Code=$_POST['pw'];
$email=$_POST['email'];
 
$mail             = new PHPMailer();
$mail->From       = 'example@ls.org';
$mail->FromName   = 'FromName';
$mail->Subject    = 'Your Code';
$mail->MsgHTML($Code);
$mail->AddAddress( $email);
$mail->Send();

And on the next page you can do something like that:




Volunteers are not paid.
Not because they are worthless, but because they are priceless
Adjuntos:
El siguiente usuario dijo gracias: theendeavorist

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
1 mes 1 día antes #186872 por theendeavorist
Respuesta de theendeavorist sobre el tema OTP / 2FA in Survey
Excellent explanations. I will have look, thanks for all the input!

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
1 mes 1 día antes #186873 por theendeavorist
Respuesta de theendeavorist sobre el tema OTP / 2FA in Survey
Thanks! I will have a look at these links for sure to see if I can get it up and running.

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
4 semanas 2 días antes #186964 por oledole
Respuesta de oledole sobre el tema OTP / 2FA in Survey
Hi. I'm working together with the Endeavorist to set this up but I'm running into some problems.

the sendCode.php script with some modifications works fine when going to its URL location to run it.

However it doesn't run when we try to run the ajax call in the survey.

How we are doing it right now:
We have a question of type short free text (code Q02).
In the source we have this code:

<script type="text/javascript" charset="utf-8">
$(document).on('ready pjax:scriptcomplete',function(){
$.post('oururl/sendCode.php' , { pw: "test", email: "Esta dirección de correo electrónico está siendo protegida contra los robots de spam. Necesita tener JavaScript habilitado para poder verlo." },function(data) {

$('#question{Q02} input[type="text"]').val(data)

});
$('#question{Q02}').hide();
});
</script>

Is this done right? If I understand it right the question insdie the $('#question') is the question where the code will be input. When does this script run? Is it when the question loads?

Thank you for your help.

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
4 semanas 2 días antes #186971 por tpartner
Respuesta de tpartner sobre el tema OTP / 2FA in Survey
This:
$('#question{Q02} input[type="text"]')

Should be this:
$('#question{QID} input[type="text"]')

The JavaScript will run when the page is loaded.

Cheers,
Tony Partner

Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Official LimeSurvey Partner - partnersurveys.com
El siguiente usuario dijo gracias: oledole

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
4 semanas 2 días antes - 4 semanas 2 días antes #186974 por Joffm
Respuesta de Joffm sobre el tema OTP / 2FA in Survey
Hi, how can I know.
First question: equation "e1PW" to generate the password.
Second question: "short free text" with the script.
Third question "short free text": Please, enter the password, ...

All in one group - or not.

See here:
I got the mail


and the question
wrong:


correct:


I cannot say more. Now it's up to you.

Joffm

Okay, I see, tpartner found your problem.
And I saw, that this wasn't in the script I provided.
Remember, the curly brackets surround a Placeholder, here the questionID QID.


Volunteers are not paid.
Not because they are worthless, but because they are priceless
Adjuntos:
Última Edición: 4 semanas 2 días antes por Joffm.
El siguiente usuario dijo gracias: oledole

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
4 semanas 2 días antes #187005 por oledole
Respuesta de oledole sobre el tema OTP / 2FA in Survey
Hi. Thank you for your help so far.

I must be doing something wrong, because it is not working for me. I'm not very experienced in setting up surveys so perhaps I did something wrong with the questions?

Is there any chance you could provide an example survey file, so that I can see clearly how you've done it?

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
4 semanas 2 días antes #187007 por Joffm
Respuesta de Joffm sobre el tema OTP / 2FA in Survey
Better you send your example, so we may find an issue.

But here you are:

Archivo Adjunto:

Nombre del Archivo: limesurvey...8531.lss
Tamaño del Archivo:17 KB


Joffm


Volunteers are not paid.
Not because they are worthless, but because they are priceless
Adjuntos:
El siguiente usuario dijo gracias: oledole

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
4 semanas 1 día antes - 4 semanas 1 día antes #187024 por oledole
Respuesta de oledole sobre el tema OTP / 2FA in Survey
Hi.

I took a look at your file (thank you for providing it!) and saw what I did wrong. I really didn't know how to use the equation question type and I had some errors in my code. This is how it looks now:
<script type="text/javascript" charset="utf-8">
$(document).on('ready pjax:scriptcomplete',function(){
  $.post('oururl/sendCode.php' , { pw: "{e1PW}", email: "{TOKEN:EMAIL}" },function(data) {
 
                   $('#question{QID} input[type="text"]').val(data)
 
			});
 $('#question{QID}').hide();
	});
</script>

And this seems to work perfectly after multiple tests. Thank you for the help!

There is one weird thing that I don't know why is happening though. A piece of text saying "string(10) "Not Active" appears at the top of our result page (which otherwise looks normal):



Could this be because we've turned ajax mode off in our theme? We had to do this because of another plugin. Is there a way to hide this piece of text?

Thank you for your help.
Adjuntos:
Última Edición: 4 semanas 1 día antes por oledole.

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
4 semanas 1 día antes #187033 por DenisChenu
Respuesta de DenisChenu sobre el tema OTP / 2FA in Survey
Hi,

Doing it via javascript is a false good idea …

This line
$.post('https://www.eample.org/sendCode.php' , { pw: "{e1PW}", email: "{email}" },function(data) {
Are in the HTML source. Then it can be readed even without the email.

The only real secure solution is to do it in PHP only, for example

Create a hidden question with the pasword, you can use generateUniqId for example
Add a short text question at the last group
During beforeQuestionRender send the email.
During afterSurveyComplete (or beforeSurveyPage, unsure) check the validty of the answer with PHP only …

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .
El siguiente usuario dijo gracias: oledole

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

¡Comenzar ahora!

Simplemente cree una cuenta y comience a usar LimeSurvey hoy mismo.

Registrarse ahora
¡Únase a nuestro boletín informativo!

Iniciar sesión