Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Login: Enable email verification on login, for internal use only #2721

merged 13 commits into from Dec 10, 2019


Copy link

@kevinrobinson kevinrobinson commented Dec 4, 2019

Who is this PR for?


What problem does this PR fix?

More defenses for particular login security threats (see internal docs).

What does this PR do?

Adds another field to EducatorMultifactorConfig for sending login codes via email, and add support for that in MultifactorAuthenticator, with a little refactoring to add an indirection layer for Mailgun calls. Test cases to match all paths.

Deploying would have no impact, but would allow internal dogfooding.


Which features or pages does this PR touch?

  • Login

Does this PR use tests to help verify we can deploy these changes quickly and confidently?

  • Included specs for changes
  • Improved specs for existing code in need of better test coverage
  • Manual testing made more sense here

@kevinrobinson kevinrobinson changed the title Login: Code to enable email verification on login Login: Enable email verification on login, for internal use only Dec 4, 2019
Copy link
Contributor Author

@kevinrobinson kevinrobinson commented Dec 10, 2019


@kevinrobinson kevinrobinson merged commit 4bb1b15 into master Dec 10, 2019
1 check passed
@kevinrobinson kevinrobinson deleted the feature/mfa-email branch Dec 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

1 participant