Enhancement #1200

One time password to download order product

Added by Portier Thomas over 3 years ago. Updated over 1 year ago.

Status:ClosedStart date:11/20/2015
Priority:NormalDue date:
Assignee:Van Hoecke Hélène % Done:

100%

Category:SHOP
Target version:4.5.0
Sponsor: Ergonomic impact:

none if the option is not set

Functional impact:

Add one time password functionnality


Description

A one time password feature could be added to EasySDI :
- The platform administrator can configure the "SHOP" component to allow resource managers to use a new one-time password feature that will permit to securize the download prodcut of an order
- The manager of a resource will enable for a given product the one time password feature
- In response to a command on this type of product, a specific email will be sent to the user specifying it a unique password generated automatically by EasySDI allowing him to download the corresponding data
- When downloading the file, an intermediate page will ask the user to enter the password sent by email . If the password is correct, the download starts and the file is deleted from the server, the user can not download the file anymore (it will be disabled in the download panel)

onetimepassword.png (64 KB) Portier Thomas, 11/20/2015 12:31 PM

onetimepassword_v2.png (90.8 KB) Portier Thomas, 06/10/2016 10:08 AM

History

#1 Updated by Portier Thomas over 3 years ago

  • Status changed from New to Rejected

#2 Updated by Portier Thomas about 3 years ago

  • Status changed from Rejected to New

#3 Updated by Portier Thomas about 3 years ago

new process attached

#4 Updated by Van Hoecke Hélène about 3 years ago

  • Assignee changed from Technical Committee to Portier Thomas

COTEC asks for more implementation details

#5 Updated by Portier Thomas about 3 years ago

  • Assignee changed from Portier Thomas to Technical Committee

Add a new yes/no option in the SHOP options : otpactivated
Add a new field "otp" in the #_sdi_diffusion table
Add a new option "otp" in the front-end diffusion panel only if option "otpactivated" is set to yes

Add a new field "otp" in the #_sdi_order_diffusion table
Add a new field "otpchance" in the #_sdi_order_diffusion table

Add a new productstate : PRODUCTSTATE_BLOCKED (8) if a user tried 3 times a wrong password.

In the order list or in the detail order, if a product has the "otp" option activated, the download is not launched directly.
It is launched only if the right password (sent by email on button downalod pressed) is filled in the form by the user.

If the storage_id=Easysdi_shopHelper::EXTRACTSTORAGE_LOCAL remove the file from the server and change the status of the product to PRODUCTSTATE_DELETED

Modify the rest service to store the storage_id to EXTRACTSTORAGE_LOCAL
Modify the saveproduct() request function to store the storage_id to EXTRACTSTORAGE_LOCAL

#6 Updated by Portier Thomas almost 3 years ago

If the user block a product, the extraction manager is notified.
The extraction manager can unblock the product in the request panel even if it is a automatic order.

The password must be stored with th hashed joomla system

#7 Updated by Van Hoecke Hélène almost 3 years ago

  • Status changed from New to Request For Comments

#8 Updated by Van Hoecke Hélène almost 3 years ago

  • Status changed from Request For Comments to Accepted
  • Assignee changed from Technical Committee to Portier Thomas

Enhancement has been accepted by TC with the implementation specifications provided by Thomas.

#9 Updated by Portier Thomas over 2 years ago

  • Status changed from Accepted to Affected

#10 Updated by Portier Thomas over 2 years ago

  • Status changed from Affected to Resolved
  • Target version set to 4.4.4

#11 Updated by Portier Thomas over 2 years ago

  • Status changed from Resolved to To merge
  • Assignee changed from Portier Thomas to Van Hoecke Hélène

#12 Updated by Van Hoecke Hélène over 2 years ago

  • Target version changed from 4.4.4 to 4.5.0

#13 Updated by Van Hoecke Hélène about 2 years ago

  • Status changed from To merge to Closed

#14 Updated by Blatti Yves over 1 year ago

  • % Done changed from 0 to 100

Also available in: Atom PDF