Ability to reset recovery codes #35
Comments
We will need to add another audit hook for resetting backup codes when we do this. There's already one for registering backup codes as a method - we could either treat this as any other method (as it currently is) and log removal and registration of methods generally, or make a specific entry for backup codes when they are reset. You may want to know which user initiated the reset, but that could be the same for removing and registering any method - resetting backup codes is the only option that admins can perform for other users AFAIK, so might need its own hook. Anyway, keep in mind when doing this ticket.
Is this a new functionality we are allowing admins to do? Just thinking, allowing admins to reset the recovery codes ultimately gives them access to reset account passwords.
That's not something that's been captured as a requirement before. I wouldn't expect this issue to address that either. To be clear, this issue already has the following AC: Recovery codes can only be reset by the member which they are associated to.
Covered in #128
As a CMS user with a registered MFA method, I want the ability to reset my recovery codes, so that if I lose them or if they are compromised I can access a new and secure set.
Backend work implemented in #4
ACs
Designs