Enforcing 2FA
Fixes
Fixes for #4 (closed) by @Karna98
Fixes for #107 by @Karna98
Description
User cannot access any logged-in user functionality until they have verified 2FA (after login) or set up 2FA (after registration).
Note: Until 2FA is verified or set up, the user is not authenticated.
Type of PR
This PR is an improvement.
Technicalities
- "/twofactor" displays 2FA Setup or 2FA Verify, depending on the user's 2FA status.
- User cannot access "/twofactor" in guest mode.
- Logged-in user cannot access the login page or register page.
- After submitting the login form or register form, the user is redirected to "/twofactor". The user has a maximum of 2 minutes for 2FA Setup or 2FA Verify; after that, the page expires.
- Registration data is stored in the DB on successful completion of 2FA Setup, or else the user has to register again.
2FA Setup - When the user sets up 2FA for the first time.
2FA Verify - The user verifies the GA secret code.
Tests
Try to get logged in bypassing 2FA.
Bounty : Your PR will get reviewed by me :-) within 30 min of its creation.
*Terms & Conditions Apply.
Checklist:
- My pull request has a descriptive title (not a vague title like "Update index.md").
- My pull request targets the phoenix/develop branch of the repository.
- My commit messages follow best practices.
- My code follows the established code style of the repository.
- I tried running the project locally and verified that there are no visible errors.
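The gating rules listed under Technicalities can be modelled as a three-state session (guest, pending, authenticated). The sketch below is an added example, not code from this PR or the project. The `Session` class, the function names, and the paths "/login", "/register" and "/" are assumptions; only "/twofactor" and the 2-minute window come from the description.

```python
PENDING_TTL = 120  # seconds: the "max 2 minutes" window from the description
GUEST, PENDING, AUTHENTICATED = "guest", "pending", "authenticated"

class Session:
    """Hypothetical per-browser session record (not the project's class)."""
    def __init__(self):
        self.state = GUEST
        self.pending_since = None
        self.pending_registration = None  # held here, not in the DB, until setup succeeds

    def reset(self, state):
        self.state, self.pending_since, self.pending_registration = state, None, None

    def current_state(self, now):
        # An expired pending session falls back to guest and drops unsaved registration data.
        if self.state == PENDING and now - self.pending_since > PENDING_TTL:
            self.reset(GUEST)
        return self.state

def begin_second_factor(session, now, registration=None):
    """Called after a valid login or register form; the user is still NOT authenticated."""
    session.state, session.pending_since = PENDING, now
    session.pending_registration = registration

def complete_second_factor(session, now, code_ok, db):
    """code_ok is the result of the one-time-code check, which is outside this sketch."""
    if session.current_state(now) != PENDING or not code_ok:
        return False
    if session.pending_registration is not None:
        db.append(session.pending_registration)  # persist only after 2FA Setup succeeds
    session.reset(AUTHENTICATED)
    return True

def route(session, path, now):
    """Return the path to serve, or the path to redirect to."""
    state = session.current_state(now)
    if path == "/twofactor":
        if state == PENDING:
            return path
        return "/login" if state == GUEST else "/"
    if path in ("/login", "/register"):
        return "/" if state == AUTHENTICATED else path
    # Every other page is treated as logged-in functionality (default deny).
    if state == AUTHENTICATED:
        return path
    return "/twofactor" if state == PENDING else "/login"
```

The "Try to get logged in bypassing 2FA" test corresponds to checking that no path other than a successful `complete_second_factor` call ever moves the session to the authenticated state.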