Commit Graph

12 Commits

Author SHA1 Message Date
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Sam Saffron 3dc4ab905c DEV: annotate models
(also looks like renaming of bigint(8) -> bigint in annotate
which seems fine)
2019-05-03 08:34:12 +10:00
Guo Xiang Tan d85240335b Annotate models. 2019-04-02 13:19:14 +08:00
Guo Xiang Tan 6327f36bfd PERF: Avoid loading ActiveRecord objects when checking for second factor.
* Eliminate DB query for sites without local logins and sites that has
SSO enabled.
2019-03-15 15:09:44 +08:00
Guo Xiang Tan 6761f8ecbf PERF: Add missing index on `user_id` for `user_second_factors` table. 2018-07-16 14:21:07 +08:00
Guo Xiang Tan 214dac05de Update annotations. 2018-07-16 14:19:07 +08:00
Guo Xiang Tan 50e59fb9bd Fix the build. 2018-07-16 10:12:19 +08:00
Jay Pfaffman 0ed2834c2d FEATURE: Add users:disable_2factor rake task
https://meta.discourse.org/t/admin-locked-out-of-2fa/92156/2?u=pfaffman
2018-07-16 09:56:55 +08:00
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Guo Xiang Tan 982e5bae3a Update annotations. 2018-02-26 15:32:04 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00