Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Could be useful as easier text message 2FA (no SMS gateway required) #269

Open
spotcatbug opened this issue Jan 7, 2022 · 2 comments
Open

Could be useful as easier text message 2FA (no SMS gateway required) #269

spotcatbug opened this issue Jan 7, 2022 · 2 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@spotcatbug
Copy link

I just got SMS 2FA working on my Nextcloud instance. It wasn't too bad, but I had to sign-up for an SMS gateway service. I'm willing to spend the ten cents or so for each 2FA text because I have very few users and we rarely logout.

A lot of (most? all?) cell carriers allow for sending text messages to a phone by sending an email to a specific email address that incorporates the cell phone's number. For example, to send a text message to a phone on the at&t wireless network, you can send an email to [phone number]@txt.att.net. Verizon is similar: [phone number]@vtext.com. If the app could be configured to send authorization codes to one of these email addresses, it would be equivalent (I think) to SMS 2FA, without requiring any sort of gateway setup.

I see two enhancements that would facilitate this use case:

  1. Allow for specification of the 2FA email address, separate from the user's primary email address (essentially different email address for 2FA #177).
  2. Allow for customization of the actual email content so that it can be formatted (shortened? - I haven't actually seen what the current email looks like) for better text message appearance.

I don't think there would be any need to explicitly call-out this use case. Just adding the necessary enhancements would allow people who are trying to setup SMS 2FA to figure it out. That's how I ended up installing this Nextcloud app; I thought, "Oh, maybe this email 2FA will let me email a text message." Alas, no - but so close.
@nursoda
Copy link
Owner

nursoda commented Feb 26, 2022
edited
Loading

Seems to be a good idea at first glance. You already referenced the issue that would allow for your use case except for the customizable mail body. Thus I see this as an enhancement that depends on the implementation of #177.

Yet, pondering upon it made me think that the USER would need to choose the correct gateway as I assume that a provider will only accept to send to customers on HIS network, right? It seems not robust If a user would need to properly set up (1) the gateway URL, and templates to (2) e-mail subject and (3) body.

Any comments and PRs welcome :)

@nursoda nursoda added enhancement New feature or request help wanted Extra attention is needed labels Feb 26, 2022
@jfieser
Copy link

jfieser commented Jun 26, 2023

Yet, pondering upon it made me think that the USER would need to choose the correct gateway as I assume that a provider will only accept to send to customers on HIS network, right? It seems not robust If a user would need to properly set up (1) the gateway URL, and templates to (2) e-mail subject and (3) body.

Also, if the end user changed their cell provider, then their gateway would also need changing and they would need to be logged into Nextcloud to change the gateway before they changed their provider.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jfieser @nursoda @spotcatbug