![[1st screenshot of mfa_setup]](mfa_setup1.png)
The VideoBiz sample application has been upgraded to showcase three new features introduced in Panther 5.60:
%SMBASE%\samples\vidstore-mfa\$SMBASE/samples/vidstore-mfa/
%SMBASE%\samples\vidstore\$SMBASE/samples/vidstore/
Original documentation for VideoBiz is available at docs.prolifics.com.
The vidstore-mfa sample folder does not include all components found in the original vidstore sample. Instead, it provides updated versions of two key files:
videobiz.lib – Panther screen libraryvideobiz – Panther JDB database fileThese files are designed as drop-in replacements for the files of the same name in the original vidstore sample application. To configure the enhanced sample:
vidstore sample directory.videobiz.lib and videobiz files if needed.vidstore-mfa into the vidstore directory, overwriting the originals.This approach allows you to run the enhanced sample within the original application context, while preserving all other supporting components.
When Python scripting is enabled, the main screen in videobiz.lib displays a new
Change Password checkbox beneath the Logon and Password fields.
These appear only when the Employee Login radio button is selected.
Conditional logic in the screen's JPL code has been updated to invoke two new screens:
mfa_setup - Multi-Factor Authentication Setuptotpauth - TOTP Authentication ChallengeThere is but one line assigned to the Python Script property. It sets the value of the python_enabled hidden field value to 1, indicating that Python is enabled.
This flag allows JPL logic to conditionally trigger MFA functionality only when Python is active.
mfa_setup ScreenThe first time an employee logs in (e.g., sheila/trade3), the Multi-Factor Authentication Setup screen appears.
It displays a QR Code and setup instructions.
qr_code has its QR Code property set to Yes.All logic for this screen is written in Python and assigned to the screen's Python Script property. It demonstrates Panther-Python integration, including database access.
Upon clicking Submit, the auto-generated client secret is saved into the totp_secret column of the users table in the videobiz database for the present user. The totp_secret column is new for the videobiz JDB database that is provided with the enhanced VideoBiz sample application. A videobiz.sql script is also provided for use with the Panther JDB ISQL utility in order to recreate the videobiz database from scratch.
totpauth ScreenSubsequent logins for employees with MFA enabled will trigger the TOTP Authentication screen.
![[screenshot of totpauth]](totpauth.png)
This screen prompts the user to enter a 6-digit TOTP code. For instructional purposes, the correct code is displayed on-screen. If your authenticator app is properly configured, it will show a Videobiz entry for the user, with a code that refreshes every 30 seconds.
Note: The screen does not update its expected code every 30 seconds. It validates the code that was current when the screen opened.
The totpauth screen contains no JPL code, only Python. It demonstrates use of the new Panther library function:
sm_generate_totp - generates TOTP given a secret key
SYNOPSIS
totp = sm_generate_totp(key, digits)
char *totp;
char *key;
int digits;
DESCRIPTION
Returns a TOTP (Time-based One-time Password) for a given secret key.
The digits argument specifies the number of digits (typically 6).
The algorithm matches standard authenticator apps, enabling verification
of user-entered codes against generated values.
RETURNS
totp = temporary buffer containing the TOTP code
= NULL on failure
If MFA has already been configured for an employee, selecting the Change Password checkbox before login
will reopen the mfa_setup screen after successful authentication. This time, the screen includes fields to:
[SAVED] appears next to the secret code that was previously saved. The instructions remain the same.
![[screenshot of mfa_setup with password change fields]](mfa_setup2.png)