-
-
Notifications
You must be signed in to change notification settings - Fork 756
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2factor authentication via email #1484
Conversation
trusted_computer: | ||
enabled: true | ||
cookie_name: wllbg_trusted_computer | ||
cookie_lifetime: 5184000 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe 30 days without access is enough ? 60 seems big to me.
Where are tests related to that part? |
I don't know if tests are needed: the bundle is tested and I don't override the bundle behaviour. |
I don't agree. For example, you added Also, you added some logic in the User entity that need to be tested: |
OK, I will add tests. |
Tests added. |
|
||
scheb_two_factor: | ||
trusted_computer: | ||
enabled: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking about these config to enable two factor.
I think they should be in parameters.yml
so people won't have to update config.yml
and keep a modified file which can be problematic when updating wallabag.
Also, the sender_email should be in parameters.yml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
2factor authentication via email
2factor authentication via email.
This setting can be disabled on config screen for each user.
User can also check "trusted computer" to avoid 2factor authentication for a delay.
Here is a screenshot after login step.
It's also possible to enable Google Authenticator, but I don't know if we need this validator. @j0k3r @tcitworld any opinion?