mirror of https://github.com/wallabag/wallabag.git synced 2025-08-11 17:51:02 +00:00

Add a two-step setup of OTP

Before this change, 2FA with OTP was enabled before the user was able to
submit a code to validate the setup. Thus, this could lead to a
situation where the user is locked out of her account if there was an
issue setting up her application.

Now we rely on a new boolean property that is set to true only after the
user submits a valid code during the setup phase.

Fixes #4867

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
Kevin Decherf 2025-04-13 16:12:13 +02:00
parent 3f6c01103d
commit b09224cac1
6 changed files with 125 additions and 17 deletions


@ -66,6 +66,7 @@ class SecurityControllerTest extends WallabagTestCase
->getRepository(User::class)
->findOneByUsername('admin');
$user->setGoogleAuthenticatorSecret('26LDIHYGHNELOQEM');
$user->setGoogleAuthenticator(true);
$em->persist($user);
$em->flush();
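Review bot: the fixture here stores the secret and calls `setGoogleAuthenticator(true)` in the same step, so this test only covers the fully enabled state. The case the commit message is about, a secret stored while the setup code has not yet been validated, is not exercised by these lines. Consider a sibling test that sets the secret, leaves the flag false, and asserts that login does not ask for an OTP.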
@ -78,6 +79,7 @@ class SecurityControllerTest extends WallabagTestCase
->getRepository(User::class)
->findOneByUsername('admin');
$user->setGoogleAuthenticatorSecret(null);
$user->setGoogleAuthenticator(false);
$em->persist($user);
$em->flush();
}
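Review bot: the cleanup resets the secret and the flag through two independent setter calls, `setGoogleAuthenticatorSecret(null)` and `setGoogleAuthenticator(false)`, which a caller can easily get half right. With the enabled state spread over two fields, a single method on User that clears both together would keep tests and controllers from leaving the flag true while the secret is null.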