about summary refs log tree commit diff
path: root/app/controllers/settings/two_factor_authentications_controller.rb
AgeCommit message (Collapse)Author
2019-09-18Add password challenge to 2FA settings, e-mail notifications (#11878)Eugen Rochko
Fix #3961
2019-09-18Fix TOTP codes not being filtered from logs during enabling/disabling (#11877)Eugen Rochko
Not a serious issue because they are meaningless past single use
2019-07-22Change unconfirmed user login behaviour (#11375)Eugen Rochko
Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
2018-12-12Create Settings::BaseController (#9507)ysksn
Define `Settings::BaseController#set_body_classes` so that sub classes inherit `Settings::BaseController` don't need to define `#set_body_classes` agein.
2018-10-25Set @body_classes to admin layout (#9081)Yamagishi Kazutoshi
2017-07-26Fix #4026 - Accept backup codes for disabling 2FA (#4382)Eugen Rochko
2017-06-25Fix #3910 - Require OTP authentication to disable 2FA (#3935)Eugen Rochko
* Fix #3910 - Require OTP authentication to disable 2FA. Also, remove ability to generate new OTP backup codes *after* initial backup codes were handed out during activation * Restore recovery code re-generation * Improve display of some 2FA elements
2017-04-222FA controller cleanup (#2296)Matt Jankowski
* Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
generated by cgit-pink (git 2.37.1) at 2024-07-01 11:42:53 +0000