@@ -191,19 +191,8 @@ todo: research practicality of supporting SMS from server for things like notifi
|
||||
todo: 2fa is going to be an absolute must have pretty soon, look into what's involved again
|
||||
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
|
||||
|
||||
Process:
|
||||
todo TEST ON LINUX
|
||||
|
||||
LOGIN
|
||||
User logs in as normal, server checks if they have 2fa enabled
|
||||
if no 2fa enabled then send back token as normal
|
||||
if 2fa then send back response like "2faenabled:true"
|
||||
also some kind of temporary one time short lived token (maybe the one already implemented for downloads but shorter) to show which user it is as they cannot use a token for the next step
|
||||
client sees it's a 2fa and redirects to a page (or login page has a "dialog") to enter 2fa 6 digit code
|
||||
temp token and 2fa 6 digit code is sent to a /verify route
|
||||
if they match / pass then the normal token is sent back and login proceeds as normal
|
||||
NO TOKEN IS SENT ON 2fa enabled account without pin verification
|
||||
|
||||
TODO: failed login tries to navigate to login again, should carve out an exception in api no?
|
||||
|
||||
|
||||
|
||||
|
||||
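Review bot: The /verify step in the LOGIN notes puts no limit on guesses. A 6 digit code has only 1,000,000 possible values, so the line "temp token and 2fa 6 digit code is sent to a /verify route" should also state a small attempt cap per temp token, and that the temp token is invalidated after the cap is reached or after one successful verify. The note about reusing the download token "but shorter" should add that the temp token is accepted by /verify only and by no other route, otherwise it works as a password-only session, which contradicts "NO TOKEN IS SENT ON 2fa enabled account without pin verification". The hunk header shrinks this region from 19 lines to 8, so if the process notes are the part being dropped, carry that last invariant into a test or the API docs before removing it here.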