E-Mail as Second Factor
=======================

This plugin adds the user's e-mail account as a second authentication
factor. After logging in through another authentication module, a one-time
code will be generated by the portal and sent to the user's e-mail address.
The user will be prompted for this code in order to finish the login
process.

.. attention::

    This plugin will only improve security in situations where the user's
    email is not protected by the same password used to log in to
    LemonLDAP::NG. And of course, if the user's email account is also
    protected by LemonLDAP::NG, they will not be able to open their mailbox
    to find out their one-time code.

Configuration
~~~~~~~~~~~~~

Before configuring this module, make sure the user's email address is
correctly fetched from your UserDB plugin and appears in the session
browser.

If you want to store the user e-mail in a different session field than
``mail``, go to "General Parameters » Advanced parameters » SMTP" and set
the "Session key containing mail address" parameter.

All parameters are configured in "General Parameters » Second factors »
Mail second factor".

-  **Activation**: Set to ``On`` to activate this module. If a user does
   not have an email address, they will encounter an error on login. If you
   want to use this plugin only for users who have an email address, use
   ``$mail`` (or whatever your e-mail session key is) as the activation
   rule.
-  **Code regex**: The regular expression used to generate one-time codes.
   The default is a 6-digit code.
-  **Code timeout**: It might take a while for users to open their e-mail
   account and find the code. Raise this timeout if the default (2 minutes)
   isn't enough.
-  **Mail subject**: The subject of the email the user will receive. If you
   leave it blank, it will be looked up in translation files.
-  **Mail body**: The plain text content of the email the user will
   receive. If you leave it blank, the ``mail_2fcode`` HTML template will
   be used. The one-time code is stored in the ``$code`` variable.
-  **Re-send interval**: Set this to a non-empty value to allow the user to
   re-send the code in case a transmission error occurred. The value sets
   how many seconds the user has to wait before each attempt.
-  **Authentication level** (Optional): If you want to overwrite the value
   sent by your authentication module, you can define the new
   authentication level here. Example: 5
-  **Label** (Optional): Label that should be displayed to the user on the
   choice screen.
-  **Logo** (Optional): Logo file *(in static/ directory)*.
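
The **Code regex** setting decides how many distinct one-time codes can exist, which bounds how hard a code is to guess before the **Code timeout** expires. The following is an added example, not code from LemonLDAP::NG: it counts the codes a simple fixed-length pattern can produce. The function names, the supported regex subset, the ``\d{6}`` spelling of the 6-digit default and the attempt count are assumptions made for illustration.

```python
import math
import re

# Constructed helper, not LemonLDAP::NG code. Supports only a fixed-length
# subset: literals, \d, \w, simple [...] classes, and {n} repetition.
ESCAPES = {"d": 10, "w": 63}  # \w taken as [A-Za-z0-9_]
ATOM = re.compile(r"\[(?P<body>[^\]\\^]+)\]|\\(?P<esc>[dw])|(?P<lit>[A-Za-z0-9_-])")
REPEAT = re.compile(r"\{(\d+)\}")

def class_size(body):
    """Count distinct characters in a class body such as 'a-f0-9'."""
    chars, i = set(), 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            lo, hi = ord(body[i]), ord(body[i + 2])
            if lo > hi:
                raise ValueError(f"bad range in [{body}]")
            chars.update(range(lo, hi + 1))
            i += 3
        else:
            chars.add(ord(body[i]))
            i += 1
    return len(chars)

def keyspace(pattern):
    """Number of distinct codes the pattern can generate."""
    total, pos = 1, 0
    while pos < len(pattern):
        atom = ATOM.match(pattern, pos)
        if not atom:
            raise ValueError(f"unsupported construct at offset {pos}")
        if atom["body"]:
            size = class_size(atom["body"])
        else:
            size = ESCAPES[atom["esc"]] if atom["esc"] else 1
        pos = atom.end()
        rep = REPEAT.match(pattern, pos)
        count = int(rep[1]) if rep else 1
        pos = rep.end() if rep else pos
        total *= size ** count
    return total

def entropy_bits(pattern):
    return math.log2(keyspace(pattern))

def guess_chance(pattern, attempts):
    """Chance that `attempts` distinct guesses hit one uniformly drawn code."""
    return min(1.0, attempts / keyspace(pattern))

if __name__ == "__main__":
    for p in (r"\d{6}", r"[a-f0-9]{8}", r"[A-Z]{3}-\d{4}"):  # constructed patterns
        print(p, keyspace(p), round(entropy_bits(p), 1), guess_chance(p, 100))
```

Patterns outside the supported subset raise ``ValueError`` rather than returning a misleading count.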