Feature/two factor authentication
TODO:
-
Error messages in front end when enabling/disabling TFA -
Actually login in with OTP -
Rate limiting on OTP logins -
Save last successfully used OTP to prevent replay attack
Different MR: -> #491 (closed)
-
Only allow people into groups with certain roles when TFA enabled -
Show TFA status in group management
Different MR: -> maybe when we actually find a use case.
-
Generate recovery codes
Edited by Wilco Kruijer