feat(identity): recovery codes status + download/print (closes #180)#203
Merged
Conversation
- 2FA management page now shows 'Recovery codes: N remaining' as a neutral status row when count is >= 4. The existing low-threshold alerts at <=3, 1, and 0 are kept. - ShowRecoveryCodes page gains Download (.txt) and Print buttons. Download writes a header line (user email + generated-at) followed by the codes. - Print uses an inline @media print stylesheet that hides chrome and re-styles the codes block as black-on-white monospace. - Both render paths in AccountSecurityEndpoint now thread userEmail and generatedAt through so the header is accurate. - Added a comment on GenerateRecoveryCodesEndpoint explaining that codes are hashed (like passwords) and the only honest paths are 'download/print at generation time' or 'regenerate (invalidates prior set)'. Prevents future contributors from trying to add a retrieve-existing-codes endpoint. No new API contracts; UI-only + props passthrough. Existing Users suite still 70/70.
Deploying simplemodule-website with
|
| Latest commit: |
c9b24de
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://a4cb2b22.simplemodule-website.pages.dev |
| Branch Preview URL: | https://issue-180-recovery-codes.simplemodule-website.pages.dev |
Wrap long downloadCodes signature to satisfy 100-char line width.
- Pass statusKey instead of hardcoded English message; resolve via i18n on client (one was a duplicate of TwoFactor.Status.AuthenticatorVerified).
- Use user.Email directly and DateTimeOffset.ToString("O") to match module convention.
- Make userEmail/generatedAt required props; drop dead-code fallbacks.
- Trim verbose comment in GenerateRecoveryCodesEndpoint to the load-bearing why.
…r-203-issue-180-recovery-codes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #180.
recoveryCodesLeft >= 4. The existing alerts at<=3,=1, and=0(warning / danger styles) are kept — those already handled the low-stock case.SimpleModule recovery codes — generated for <email> on <date>) followed by the 10 codes, one per line, namedsimplemodule-recovery-codes.txt.@media printstylesheet that hides everything outside the codes block and re-styles the codes as black-on-white monospace.AccountSecurityEndpoint(initial 2FA enable that auto-generates codes, and explicit "Reset recovery codes") now threaduserEmail+generatedAtso the header is accurate.GenerateRecoveryCodesEndpointexplaining that codes are hashed (like passwords) and the only honest paths are download/print at generation time or regenerate (invalidates prior set). Prevents future contributors from inventing a retrieve-existing-codes endpoint that can't actually exist.Test plan
dotnet build— greendotnet test modules/Users/tests— 70/70text-text-mutedline; redeem until at 3 remaining and the existing warning takes over.Not in scope
en.json. The codebase only ships English today; other languages will pick up the new keys when their files exist.LoginWithRecoveryCodeEndpointtests;CountRecoveryCodesAsyncis the Identity primitive and is not re-wrapped here.