Enforcing 2FA

Vedant Wakalkar requested to merge phoenix/feature/authentication into phoenix/develop

Fixes

Fixes for #4 (closed) by @Karna98
Fixes for #107 by @Karna98

Description

A user cannot access any logged-in user functionality until they have verified 2FA (after login) or set up 2FA (after registration).

Note: Until 2FA is verified or set up, the user is not authenticated.

Type of PR

This PR is an improvement.

Technicalities

  1. "/twofactor" displays 2FA Setup or 2FA Verify, depending on the user's 2FA status.
  2. A user cannot access "/twofactor" in guest mode.
  3. A logged-in user cannot access the login page or the register page.
  4. After submitting the login form or register form, the user is redirected to "/twofactor". The user has a maximum of 2 minutes for 2FA Setup or 2FA Verify; after that, the page expires.
  5. Registration data is stored in the DB on successful completion of 2FA Setup; otherwise, the user has to register again.

2FA Setup - When the user sets up 2FA for the first time.

2FA Verify - The user verifies the GA secret code.

Tests

Try to get logged in bypassing 2FA.

Bounty : Your PR will get reviewed by me :-) within 30 min of its creation.

*Terms & Conditions Apply.

Checklist:

  • My pull request has a descriptive title (not a vague title like "Update index.md").
  • My pull request targets the phoenix/develop branch of the repository.
  • My commit messages follow best practices.
  • My code follows the established code style of the repository.
  • I tried running the project locally and verified that there are no visible errors.
Edited by Vedant Wakalkar
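
The gating rules listed under Technicalities, modelled as a small session state machine. This is an added example, not code from this merge request or the project. The state names, the "/dashboard" landing route, the in-memory `db` list, treating every non-login route as protected, and confining a pending session to "/twofactor" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

PENDING_TTL = 120                     # seconds: the 2-minute window from the description
GUEST_ONLY = {"/login", "/register"}  # assumed route names for the login and register pages
TWO_FACTOR = "/twofactor"
HOME = "/dashboard"                   # hypothetical landing page for authenticated users

@dataclass
class Session:
    state: str = "guest"              # "guest", "pending" (2FA outstanding) or "authenticated"
    pending_since: Optional[float] = None
    pending_registration: Optional[dict] = None  # kept in the session, not yet in the DB

def begin_pending(session, now, registration=None):
    """Called after the login or register form is accepted; 2FA is still outstanding."""
    session.state, session.pending_since = "pending", now
    session.pending_registration = registration

def expire_if_stale(session, now):
    """Drop a pending session (and any unsaved registration) once the window has passed."""
    if session.state == "pending" and now - session.pending_since > PENDING_TTL:
        session.state, session.pending_since, session.pending_registration = "guest", None, None
        return True
    return False

def complete_two_factor(session, code_ok, now, db):
    """Promote to authenticated only inside the window, from pending, with a valid code."""
    if expire_if_stale(session, now) or session.state != "pending" or not code_ok:
        return False
    if session.pending_registration is not None:
        db.append(session.pending_registration)  # persisted only after 2FA Setup succeeds
    session.state, session.pending_since, session.pending_registration = "authenticated", None, None
    return True

def gate(session, path, now):
    """Return None to serve `path`, or the path the request is redirected to."""
    expire_if_stale(session, now)
    if session.state == "guest":
        return None if path in GUEST_ONLY else "/login"
    if session.state == "pending":
        return None if path == TWO_FACTOR else TWO_FACTOR
    # Authenticated: keep away from login/register (and, as an assumption, from /twofactor).
    return HOME if path in GUEST_ONLY or path == TWO_FACTOR else None
```

The check that matters for the "bypassing 2FA" test is that nothing except `complete_two_factor` ever sets the state to authenticated, and that it re-checks the expiry itself rather than relying on `gate` having run first.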