This commit is contained in:
@@ -195,13 +195,15 @@ todo: 2fa is going to be an absolute must have pretty soon, look into what's inv
|
||||
SIGN UP
|
||||
(copied a bit from digital ocean)
|
||||
User settings has a SECURITY section where control 2fa stuff
|
||||
user enables at which point a secret key for 2fa is generated and stored in the User account
|
||||
user chooses 2fa button to setup, a dialog pops up sends a request to server at which point a secret key for 2fa is generated and stored in the User account
|
||||
and gets back the secret to display in a qr code on screen to searching
|
||||
/auth/setup-hotp
|
||||
user is redirected to a client form with the qr code displayed for teh secret
|
||||
User gets QR code then displayed to sign up with auth software
|
||||
User has to enter a valid code to save or enable 2fa fully otherwise it's not enabled if they cancel out
|
||||
until the correct code is entered it will not be enabled yet
|
||||
If user moves out of 2fa area without validating then it generates a new secret next time they go In
|
||||
|
||||
|
||||
DISABLE
|
||||
user goes to user settings->Security and click on disable 2fa button which is only enabled to click when the account has 2fa already enabled
|
||||
this removes the 2fa secret from their account and sets 2fa off.
|
||||
|
||||
Reference in New Issue
Block a user