Website that checks OTP (email or google authenticator) with LDAP backend

Lezárva Kiadva: 2 évvel ezelőtt Kiszállításkor fizetve
Lezárva Kiszállításkor fizetve

Hi,

I want a website that asks the user for his email. Then he has the choice to select if he uses email or google authenticator for OTP.

In case of email, the email is checked

a) is it a valid email -> no, return error (out of scope: fail2ban will block IP)

b) yes, query LDAP with specific credentials to check if email is valid and a specific field is set to yes. In case of success, send code via email. If not successful return error (out of scope: fail2ban will block IP)

In case of google authenticator, open field to enter code. When press send

a) is it a valid email -> no, return error (out of scope: fail2ban will block IP)

b) yes, query LDAP with specific credentials to check if email is valid and retrieve whatever info is needed to validate the code. If not successful return error (out of scope: fail2ban will block IP)

In both cases, if the code is valid, write to log and (out of scope: fail2ban will whitelist IP for period of time). If code is wrong return error (out of scope: fail2ban will block IP).

I want this to be a github project with permissive license (no idea yet which). I was thinking of php as programming language and use one of those free OTP libraries available. Note: I want a simple site. Depending on the logfiles, fail2ban will do the "security" part of this project and that is up to me.

Small update: This OTP protection is not part of a big web project, but is only intended to write something in the NGINX log files, that fail2ban can read. Fail2ban then whitelists the users IP on the remote server. This is not very fast (< 10 seconds) but sufficient. This OTP website itself will be behind a NGINX proxy, so the connection to it will be unencrypted. The LDAP server can be reached unencrypted through ssh tunnel. You will need to bind to the LDAP server as specific user since anonymous queries are disabled. You will need to show me how to create the qr-code for google authenticator and what I have to store in the LDAP server.

Update2: I need s simple [login to view URL] file that looks like the attached file. User fills out the form. First check the fields, if everything is right, create a log entry fail2ban will evaluate. If any field does not meet the criteria, e.g. illegal character, create log entry fail2ban will evaluate.

Update 3: It should all be licensed under apache 2.0 license.

PHP Linux HTML Web Development

Projektazonosító: #31001754

A projektről

4 ajánlat Távolról teljesíthető projekt Utoljára aktív: 2 évvel ezelőtt

4 szabadúszó tett átlagosan 26$ összegű árajánlatot erre a munkára

saqibwebdesigner

Hey, Are you looking for a full stack developer to help you to customize and add backend functionalities on a pre-made website template of a social media website for gaming that you bought? We are a team of professio Továbbiak

$20 USD 7 napon belül
(0 vélemény)
0.0
arturr2

Hello, I have developed web applications for about 15 years, Im particular, I have solved this requirement for an Identity and authorization solution (Google otp based authentication 2fa and ldap auth) . I can show Továbbiak

$35 USD 1 napon belül
(0 vélemény)
0.0
IvanLomakin

Hello Dear Thank you so much for offering me the job opportunity. I appreciate the time you took to interview me, and I am very glad to become a part of your project. About Me As a highly skilled Full Stack Web develop Továbbiak

$20 USD 5 napon belül
(0 vélemény)
0.0