Hide sensitive information in 2FA setup page when printing

The QR code (and manual code) should not be recoverable after the initial setup. This would allow an unauthorized person to access an account without leaving a trace (like showing that a backup code was used, given that person has the account password).

Even if very low, having that information visible could be a problem.
This commit is contained in:
Julien Stébenne 2023-01-09 21:47:39 -05:00
parent 4c27bbf069
commit 5967762cd8

View File

@ -14,17 +14,14 @@
<h3 class="box-title">{{ 'pref_two_factor_auth_code'|_ }}</h3>
</div>
<div class="box-body">
<p class="text-info">
<p class="text-info hidden-print">
{{ 'pref_two_factor_auth_code_help'|_ }}
</p>
<div class="form group">
<div class="col-sm-8 col-md-offset-4">
<!--<img src="" alt="" title=""
style="border:1px #ddd solid;"/>
-->
<div class="col-sm-8 col-md-offset-4 hidden-print">
{{ image|raw }}
</div>
<p>
<p class="hidden-print">
{{ trans('firefly.2fa_use_secret_instead', {secret: secret|escape})|raw }}
</p>
<p>