Skip to content

magento/security-package#269: Browser Shouldn't Suggest Historic 2FA Codes #270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 22, 2020
Merged

magento/security-package#269: Browser Shouldn't Suggest Historic 2FA Codes #270

merged 2 commits into from
Sep 22, 2020

Conversation

bluemwhitew
Copy link
Contributor

@bluemwhitew bluemwhitew commented Sep 7, 2020
edited
Loading

Description (*)

Prevents browser autocomplete from suggesting old (used) 2FA codes during configuration and authentication.

Fixed Issues

  1. Fixes Browser Shouldn't Suggest Historic 2FA Codes #269

Manual Testing Scenarios (*)

Two Factor Authentication (Configured):

  1. Log in with an admin account
  2. Confirm autocomplete is disabled on the 2FA code prompt using DevTools by searching for //*[@id="tfa_code"]
  3. Confirm browser doesn't suggest historic 2FA codes

Two Factor Authentication (Not Configured):

  1. Log in with an admin account
  2. Follow e-mailed confirmation link to configure 2FA
  3. Scan QR code or enter "Secret Code" string using your preferred 2FA application
  4. Confirm autocomplete is disabled on the 2FA code prompt using DevTools by searching for //*[@id="tfa_code"]
  5. Confirm browser doesn't suggest historic 2FA codes

Questions or Comments

N/A

Contribution Checklist (*)

  • Author has signed the Adobe CLA
  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds are green)

@bluemwhitew
magento#269: Browser Shouldn't Suggest Historic 2FA Codes
4fbfde2 
- Adding `[autocomplete="off"]` for Affected Fields
- Minor Refactoring
@bluemwhitew
Copy link
Contributor Author

@magento run all tests

@bluemwhitew
Copy link
Contributor Author

Don't believe Functional Tests B2B, Functional Tests CE, or Functional Tests EE are failing due to this changeset (failures are related to CucumberStudio tests for InventoryStorePickupSuite).

@nathanjosiah nathanjosiah added bug Something isn't working Component: 2FA Issues and Pull Requests related to Two Factor Authentication should be marked with this label labels Sep 8, 2020
@nathanjosiah
Copy link
Contributor

@magento run Functional Tests CE, Functional Tests EE, Functional Tests B2B

@bluemwhitew
Copy link
Contributor Author

Cheers, @nathanjosiah. 👍🏻

@nathanjosiah
Copy link
Contributor

@magento run all tests

@nathanjosiah nathanjosiah merged commit 974759d into magento:1.0-develop Sep 22, 2020
@bluemwhitew bluemwhitew deleted the 269_browser-shouldnt-suggest-historic-2fa-codes branch September 22, 2020 16:40
@bluemwhitew
Copy link
Contributor Author

Thanks, @nathanjosiah. 👍🏻

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nathanjosiah nathanjosiah nathanjosiah approved these changes

+1 more reviewer

@BarnyShergold BarnyShergold BarnyShergold approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@nathanjosiah nathanjosiah

Labels
bug Something isn't working Component: 2FA Issues and Pull Requests related to Two Factor Authentication should be marked with this label Partner: Vaimo
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Browser Shouldn't Suggest Historic 2FA Codes
3 participants
@bluemwhitew @nathanjosiah @BarnyShergold