Replacement for old login_isValidLogin plugin hook? (to allow for third party 2FA)

2 posts by 2 authors in: Forums > CMS Builder
Last Post: June 3 (RSS)

Hey,

We used to use the plugin hook login_isValidLogin to add a third party 2FA to the CMS login process.

The hooked function would validate an extra input (the OTP code) on the login page (which itself is added by the login_content hook).

The login_content plugin hook still exists, so we can display the OTP field on the login screen but the login_isValidLogin is gone from the latest versions of CMS, and looking through the new User and Password classes, there doesn't seem to be any hook to add in this extra check.

Perhaps it'd go into the getLoginUserRecord or Password::isValid functions.

Is there a way to do this from the latest version (v3.76)? If not, what's the chances of having it added in the next update? :-)

Or, even better, have 2FA/OTP baked into CMSB?

Thanks
Rob

By Dave - June 3

Hi Rob,

Yes, we can add that back in, or something similar. I'll have a look through the code get back to you.

And yes, we have plans to add 2FA/OTP or some modern equivalent eventually, but it's further down the development plan list.

Dave Edis - Senior Developer
interactivetools.com