oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-09-15 18:57:05 +00:00
Code Wiki Activity

Add a two-step setup of OTP

Browse source 
Before this change, 2FA with OTP was enabled before the user was able to
submit a code to validate the setup. Thus, this could lead to a
situation where the user is locked out of her account if there was an
issue setting up her application.

Now we rely on a new boolean property that is set to true only after the
user submits a valid code during the setup phase.

Fixes #4867

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
Kevin Decherf 2025-04-13 16:12:13 +02:00
parent 3f6c01103d
commit b09224cac1
6 changed files with 125 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

6
templates/Config/otp_app.html.twig
View file

@ -18,14 +18,14 @@
<img data-controller="qrcode" data-qrcode-url-value="{{ qr_code|raw }}" class="hide-on-med-and-down" />
</p>
<div data-controller="highlight">
<div id="config_otp_app_secret">
{{ 'config.otp.app.two_factor_code_description_5'|trans }} <pre><code>{{ secret }}</code></pre>
</div>
</li>
<li>
<p>{{ 'config.otp.app.two_factor_code_description_3'|trans }}</p>
<div data-controller="highlight"><pre><code>{{ backupCodes|join("\n") }}</code></pre></div>
<div><pre><code>{{ backupCodes|join("\n") }}</code></pre></div>
</li>
<li>
<p>{{ 'config.otp.app.two_factor_code_description_4'|trans }}</p>
@ -36,7 +36,7 @@
</div>
{% endfor %}
<form class="form" action="{{ path("config_otp_app_check") }}" method="post">
<form class="form" action="{{ path("config_otp_app_check") }}" method="post" name="config_otp_app_check">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />
<div class="card-content">
<div class="row">