From d95a313dad7b0acb0d47232d72836b5b719f40c3 Mon Sep 17 00:00:00 2001 From: JYC333 <22962980+JYC333@users.noreply.github.com> Date: Fri, 16 May 2025 10:41:32 +0800 Subject: [PATCH 1/5] update MFA docs --- .../Multi-Factor Authentication.html | 90 ++++++------------- .../User Guide/Note Types/Code.html | 2 +- .../Multi-Factor Authentication.md | 78 ++++------------ 3 files changed, 48 insertions(+), 122 deletions(-) diff --git a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html index f9a809a86..362a5d1f8 100644 --- a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html +++ b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html @@ -1,5 +1,3 @@ -

Note: This feature has not been merged yet, so it is not available. -

Multi-factor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system, application, or account. This adds an extra layer of protection beyond @@ -7,7 +5,8 @@

By requiring more than one verification method, MFA helps reduce the risk of unauthorized access, even if someone has obtained your password. It’s highly recommended for securing sensitive information stored in your notes.

-

Warning! OpenID and TOTP cannot be both used at the same time!

+

Warning: OpenID and TOTP cannot be both used at the same + time!

Log in with your Google Account with OpenID!

OpenID is a standardized way to let you log into websites using an account from another service, like Google, to verify your identity.

@@ -17,48 +16,21 @@ every 30 seconds. You use this code, along with your password, to log into your account, making it much harder for anyone else to access them.

Setup

+

MFA can only setup on server instance.

TOTP

    -
  1. -

    Start Trilium Notes normally.

    -
    2. -
  2. -

    Go to "Menu" -> "Options" -> "MFA"

    -
    3. -
  3. -

    Click the "Generate TOTP Secret" button

    -
    4. -
  4. -

    Copy the generated secret to your authentication app/extension

    -
    5. -
  5. -

    Set an environment variable "TOTP_SECRET" as the generated secret. Environment - variables can be set with a .env file in the root directory, by defining - them in the command line, or with a docker container.

    # .env in the project root directory
-TOTP_ENABLED="true"
-TOTP_SECRET="secret"
    # Terminal/CLI
-export TOTP_ENABLED="true"
-export TOTP_SECRET="secret"
    # Docker
-docker run -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e TOTP_ENABLED="true" -e TOTP_SECRET="secret" triliumnext/notes:[VERSION]
    -
    6. -
  6. -

    Restart Trilium

    -
    7. -
  7. -

    Go to "Options" -> "MFA"

    -
    8. -
  8. -

    Click the "Generate Recovery Codes" button

    -
    9. -
  9. -

    Save the recovery codes. Recovery codes can be used once in place of the - TOTP if you loose access to your authenticator. After a rerecovery code - is used, it will show the unix timestamp when it was used in the MFA options - tab.

    -
    10. -
  10. -

    Load the secret into an authentication app like google authenticator

    -
    11. +
  11. Go to "Menu" -> "Options" -> "MFA"
    12. +
  12. Click the “Enable Multi-Factor Authentication” checkbox if not checked
    13. +
  13. Choose “Time-Based One-Time Password (TOTP)” under MFA Method
    14. +
  14. Click the "Generate TOTP Secret" button
    15. +
  15. Copy the generated secret to your authentication app/extension
    16. +
  16. Click the "Generate Recovery Codes" button
    17. +
  17. Save the recovery codes. Recovery codes can be used once in place of the + TOTP if you loose access to your authenticator. After a rerecovery code + is used, it will show the unix timestamp when it was used in the MFA options + tab.
    18. +
  18. Re-login will be required after TOTP setup is finished (After you refreshing + the page).

OpenID

Currently only compatible with Google. Other services like Authentik and Auth0 are planned on being added. @@ -66,21 +38,17 @@ docker run -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e TOTP_ENABLE

In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow these instructions to setup an OpenID service through google.

-

Set an environment variable "SSO_ENABLED" to true and add the client ID - and secret you obtained from google. Environment variables can be set with - a .env file in the root directory, by defining them in the command line, - or with a docker container.

-

.env File

# .env in the project root directory
-SSO_ENABLED="true"
-BASE_URL="http://localhost:8080"
-CLIENT_ID=
-SECRET=
-

Environment variable (linux)

export SSO_ENABLED="true"
-export BASE_URL="http://localhost:8080"
-export CLIENT_ID=
-export SECRET=
-

Docker

docker run -d -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e SSO_ENABLED="true" -e BASE_URL="http://localhost:8080" -e CLIENT_ID= -e SECRET= triliumnext/notes:[VERSION]
-

After you restart Trilium Notes, you will be redirected to Google's account - selection page. Login to an account and Trilium Next will bind to that - account, allowing you to login with it.

-

You can now login using your google account.

\ No newline at end of file +
    +
  1. Set the oauthBaseUrl, oauthClientId and oauthClientSecret in + the config.ini file, which located under the Trilium data folder. +
      +
    1. You can also setup through environment variables (TRILIUM_OAUTH_BASE_URL, TRILIUM_OAUTH_CLIENT_ID and TRILIUM_OAUTH_CLIENT_SECRET), + but the recommanded way is setup through config.ini file.
      2. +
    +
    2. +
  2. Restart the server
    3. +
  3. Go to "Menu" -> "Options" -> "MFA"
    4. +
  4. Click the “Enable Multi-Factor Authentication” checkbox if not checked
    5. +
  5. Choose “OAuth/OpenID” under MFA Method
    6. +
  6. Refresh the page and login through OpenID provider
    7. +
\ No newline at end of file diff --git a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Note Types/Code.html b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Note Types/Code.html index d84f08784..95e10fd24 100644 --- a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Note Types/Code.html +++ b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Note Types/Code.html @@ -40,7 +40,7 @@

Color schemes

Since Trilium 0.94.0 the colors of code notes can be customized by going  Options → Code Notes and looking for the Appearance section.

+ class="reference-link" href="#root/_help_4TIF1oA4VQRO">Options → Code Notes and looking for the Appearance section.