IntenseFinance/firefly-iii
3
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2024-11-23 01:16:46 -06:00
Code Issues Packages Projects Releases Wiki Activity

Hide sensitive information in 2FA setup page when printing

Browse Source 
The QR code (and manual code) should not be recoverable after the initial setup. This would allow an unauthorized person to access an account without leaving a trace (like showing that a backup code was used, given that person has the account password).

Even if very low, having that information visible could be a problem.
This commit is contained in:
Julien Stébenne 2023-01-09 21:47:39 -05:00
parent 4c27bbf069
commit 5967762cd8
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
resources/views/profile/code.twig
View File

@ -14,17 +14,14 @@
<h3 class="box-title">{{ 'pref_two_factor_auth_code'|_ }}</h3> <h3 class="box-title">{{ 'pref_two_factor_auth_code'|_ }}</h3>
</div> </div>
<div class="box-body"> <div class="box-body">
<p class="text-info"> <p class="text-info hidden-print">
{{ 'pref_two_factor_auth_code_help'|_ }} {{ 'pref_two_factor_auth_code_help'|_ }}
</p> </p>
<div class="form group"> <div class="form group">
<div class="col-sm-8 col-md-offset-4"> <div class="col-sm-8 col-md-offset-4 hidden-print">
<!--<img src="" alt="" title=""
style="border:1px #ddd solid;"/>
-->
{{ image|raw }} {{ image|raw }}
</div> </div>
<p> <p class="hidden-print">
{{ trans('firefly.2fa_use_secret_instead', {secret: secret|escape})|raw }} {{ trans('firefly.2fa_use_secret_instead', {secret: secret|escape})|raw }}
</p> </p>
<p> <p>