feat: utils for two factor auth modal #316
Here is what I noticed while working on this feature. The current implementation of the 2FA authentication flow in our application is causing an unnecessary step for our users. After a user verifies their 2FA at login, the application writes the state to the Redis store. However, when a user logs in, the application already checks the Redis store and returns that the user has been verified, which means the 2FA modal is never shown. How can we fix this? I suggest that we stop relying on the user's verification state stored in Redis. Instead, we should require the user to verify themselves every time we need to perform critical actions that require verification. The current implementation does not address these issues; I have created it as a draft first for us to go over and propose ways in which we can properly handle user verification.
This is intentional, to avoid asking users for 2FA too many times when they are logging in from the same device. We use a fingerprint to identify whether the user is using the same device or a different one. The util, however, when triggered should open every time if the user has enabled 2FA (regardless of whether or not they have verified).
OK, that makes sense. Does it mean that here:

```js
// Check two-factor auth status
if (user.twoFactorEnabled && !twoFactorVerified) {
  setOpenModal(true);
} else if (twoFactorVerified) {
  // Two-factor auth already verified, execute the original function
  await fn();
} else {
  // Two-factor auth disabled, execute the original function
  await fn();
}
```

I can do without checking if
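The behaviour discussed in the comments above, as an added example that is not code from this PR or from envless: a plain JavaScript wrapper in which a critical action always asks for a fresh code when the user has 2FA enabled, even though the login-time session flag is already set. `withTwoFactor`, `promptForCode`, `verifyCode` and the sample user, session and codes are assumptions made for the illustration.

```javascript
// Added example. withTwoFactor, promptForCode and verifyCode are hypothetical
// names, not envless APIs; verifyCode stands in for a server-side check.

// Login: a cached "verified" flag (per the thread, kept in Redis and tied to a
// device fingerprint) may suppress the prompt on a known device.
function requiresPromptAtLogin(user, session) {
  return Boolean(user.twoFactorEnabled && !session.twoFactorVerified);
}

// Critical action: the cached flag is deliberately not consulted.
function requiresPromptForAction(user) {
  return user.twoFactorEnabled === true;
}

// Wrap a critical action so it runs only after a fresh code is verified.
function withTwoFactor(fn, { user, promptForCode, verifyCode, maxAttempts = 3 }) {
  return async function guarded(...args) {
    if (!requiresPromptForAction(user)) {
      return { executed: true, result: await fn(...args) };
    }
    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
      const code = await promptForCode(attempt); // stand-in for the modal
      if (code === null) break; // user dismissed the modal
      if (await verifyCode(user, code)) {
        return { executed: true, result: await fn(...args) };
      }
    }
    return { executed: false, result: undefined }; // fail closed
  };
}

// Constructed scenario: the session was verified at login, yet the action
// still prompts; the first code entered is wrong, the second is accepted.
async function demo() {
  const user = { id: "u1", twoFactorEnabled: true };
  const session = { twoFactorVerified: true };
  const codes = ["000000", "123456"];
  const ran = [];
  const removeProject = withTwoFactor(async (name) => ran.push(name), {
    user,
    promptForCode: async () => codes.shift() ?? null,
    verifyCode: async (_user, code) => code === "123456",
  });
  const outcome = await removeProject("project-a");
  return { loginPrompt: requiresPromptAtLogin(user, session), outcome, ran, promptsLeft: codes.length };
}

demo().then((summary) => console.log(summary));
```

The wrapper fails closed: dismissing the prompt or exhausting `maxAttempts` returns `executed: false` without calling the wrapped function.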
Hey @ttebify, one test case has failed for PR title validation. Can you please update the PR title following the suggestions given by the GitHub bot?
Sure, I'll do that, thanks.
Impressive work @ttebify 🏅 🎉
….com/envless/envless into feat/utils-for-two-factor-auth-modal
Description
Fixes #311
Type of change
How Has This Been Tested?
Checklist: