- 2FA time code
- Allow user to set up 2FA in settings
- Create a database entry containing the user_secret, contents of the OTP URL; 2FA is now activated
- On sign in, create a session entry of the login attempt and a randomly generated credential (random bytes)
- Take the generated credential in a form along with a place to enter the TOTP code. If the TOTP code matches, the credential is exchanged for a login session
- Allow the user to delete TOTP after it's set up
- BUG: Being directed to totp/new without even logging in
- Release with 1.0.20 for template hooks
- Implement base acceptable templates (extract from existing project)
- Should TOTP codes be one-time use only? If so, this needs to be implemented via a database-backed code list
- Recovery codes (stored / verified like a user password)
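
The sign-in exchange described in the list above, as an added Python example (not code from this project): the password step yields only a random credential, which is traded for a session once the TOTP code verifies. The class, method and field names are hypothetical, the dicts stand in for database tables, and one-time use is enforced by remembering the last accepted time step, which is an assumption used here in place of the code list the list item mentions.

```python
import base64, hashlib, hmac, secrets, struct

STEP, DIGITS, ATTEMPT_TTL = 30, 6, 300  # seconds, digits, seconds (assumed values)

def totp(secret_b32, counter):
    """RFC 6238 code (HMAC-SHA1) for one 30-second counter value."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TotpLogin:
    """In-memory stand-in for the database entries the list describes."""
    def __init__(self):
        self.user_secrets = {}  # user_id -> base32 user_secret
        self.last_used = {}     # user_id -> last accepted counter
        self.attempts = {}      # sha256(credential) -> (user_id, expires_at)

    def begin(self, user_id, now):
        """Password step passed: issue a random credential, not a session."""
        credential = secrets.token_urlsafe(32)
        digest = hashlib.sha256(credential.encode()).hexdigest()
        self.attempts[digest] = (user_id, now + ATTEMPT_TTL)  # store only the hash
        return credential

    def exchange(self, credential, code, now):
        """Return the user_id to start a login session for, or None."""
        digest = hashlib.sha256(credential.encode()).hexdigest()
        user_id, expires_at = self.attempts.get(digest, (None, 0))
        if user_id is None or now > expires_at:
            self.attempts.pop(digest, None)  # unknown or expired attempt
            return None
        current = int(now) // STEP
        for counter in (current - 1, current):  # tolerate one step of clock drift
            if counter <= self.last_used.get(user_id, -1):
                continue  # this time step was already accepted once
            expected = totp(self.user_secrets[user_id], counter)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used[user_id] = counter
                del self.attempts[digest]  # the credential is single use
                return user_id
        return None
```

A failed code leaves the attempt usable until it expires; limiting the number of tries per attempt is not shown.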
sb8244/pow_totp