Age | Commit message | Author | |
---|---|---|---|
2019-09-18 | Add password challenge to 2FA settings, e-mail notifications (#11878) | Eugen Rochko | |
Fix #3961 | |||
2019-09-18 | Fix TOTP codes not being filtered from logs during enabling/disabling (#11877) | Eugen Rochko | |
Not a serious issue because they are meaningless past single use | |||
2019-07-22 | Change unconfirmed user login behaviour (#11375) | Eugen Rochko | |
Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, log in users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication. | |||
2019-07-19 | Fix some flash notices/alerts staying on unrelated pages (#11364) | ThibG | |
2018-12-12 | Create Settings::BaseController (#9507) | ysksn | |
Define `Settings::BaseController#set_body_classes` so that subclasses inheriting from `Settings::BaseController` don't need to define `#set_body_classes` again. | |||
2018-10-25 | Set @body_classes to admin layout (#9081) | Yamagishi Kazutoshi | |
2018-01-21 | Redirect to 2FA creation page when otp_secret is not available (#6314) | Aboobacker MK | |
2017-04-22 | 2FA controller cleanup (#2296) | Matt Jankowski | |
* Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed |