Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Login: Enable email verification on login, for internal use only #2721

Merged
merged 13 commits into from Dec 10, 2019

Conversation

kevinrobinson
Copy link
Contributor

@kevinrobinson kevinrobinson commented Dec 4, 2019

Who is this PR for?

educators

What problem does this PR fix?

More defenses for particular login security threats (see internal docs).

What does this PR do?

Adds another field to EducatorMultifactorConfig for sending login codes via email, and add support for that in MultifactorAuthenticator, with a little refactoring to add an indirection layer for Mailgun calls. Test cases to match all paths.

Deploying would have no impact, but would allow internal dogfooding.

Checklists

Which features or pages does this PR touch?

  • Login

Does this PR use tests to help verify we can deploy these changes quickly and confidently?

  • Included specs for changes
  • Improved specs for existing code in need of better test coverage
  • Manual testing made more sense here

@kevinrobinson kevinrobinson changed the title Login: Code to enable email verification on login Login: Enable email verification on login, for internal use only Dec 4, 2019
@kevinrobinson
Copy link
Contributor Author

@kevinrobinson kevinrobinson commented Dec 10, 2019

selfie

@kevinrobinson kevinrobinson merged commit 4bb1b15 into master Dec 10, 2019
1 check passed
@kevinrobinson kevinrobinson deleted the feature/mfa-email branch Dec 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant