IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: do not lock account if backup codes are available (#18982)

Browse Source 
Currently, we have available three 2fa methods:
- Token-Based Authenticators
- Physical Security Keys
- Two-Factor Backup Codes

If the first two are deleted, user lose visibility of their backup codes, which suggests that 2fa is disabled.

However, when they try to authenticate, the account is locked, and they have to ask admin to fix that problem.

This PR is fixing the issue. User still sees backup codes in their panel and can use them to authenticate.

In next PR, I will improve UI to clearly notify the user when 2fa is fully disabled and when it is still active.
This commit is contained in:
Krzysztof Kotlarek
2022-11-11 13:00:06 +11:00
committed by GitHub
parent 4692f4ee7c
commit 4db5525d25
11 changed files with 70 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/concerns/second_factor_manager.rb
View File

@@ -79,7 +79,7 @@ module SecondFactorManager
end
def has_any_second_factor_methods_enabled?
totp_enabled? || security_keys_enabled?
totp_enabled? || security_keys_enabled? || backup_codes_enabled?
end
def has_multiple_second_factor_methods?