Better handle 2FA setup depending on authentication state #1

Open
opened 2025-10-31 08:47:49 +00:00 by arne · 0 comments
Owner

Currently the `/2fa/setup` route is always accessible, regardless of whether the user is logged in or not, and regardless of whether they have 2fa set up or not.

- [x] When not logged in we should either redirect to login, and show a flash message there, or render a view with a message and with a link back to login.
- [ ] If the user has 2fa set up already, then I think you typically need to remove 2fa first before you can replace it, which means first confirming 2fa or a backup code.
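The access decision described in this issue, as an added framework-neutral sketch in Python; it is not code from the Oak repository. All names (`Session`, `User`, `guard_2fa_setup`, `second_factor_confirmed_at`) and the five-minute confirmation window are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Assumed value: how long a 2FA or backup-code confirmation stays valid.
REVERIFY_MAX_AGE = 300  # seconds


class Action(Enum):
    REDIRECT_LOGIN = "redirect to login with a flash message"
    REQUIRE_CONFIRMATION = "confirm current 2FA or a backup code first"
    SHOW_SETUP = "render the 2FA setup form"


@dataclass
class Session:
    user_id: Optional[str] = None  # None means not logged in
    # Hypothetical field, set after a successful TOTP or backup-code check.
    second_factor_confirmed_at: Optional[float] = None


@dataclass
class User:
    id: str
    has_2fa: bool


def guard_2fa_setup(session: Session, user: Optional[User],
                    now: Optional[float] = None) -> Action:
    """Decide what a request to /2fa/setup may do.

    Run this for both the page render and the form submission, so the
    submit handler cannot be reached without passing the same checks.
    """
    now = time.time() if now is None else now
    # Not logged in, or the session does not belong to this user.
    if session.user_id is None or user is None or session.user_id != user.id:
        return Action.REDIRECT_LOGIN
    # First-time enrolment: a logged-in session is enough.
    if not user.has_2fa:
        return Action.SHOW_SETUP
    # 2FA already set up: replacing it needs a recent confirmation.
    confirmed = session.second_factor_confirmed_at
    if confirmed is None or not (0 <= now - confirmed <= REVERIFY_MAX_AGE):
        return Action.REQUIRE_CONFIRMATION
    return Action.SHOW_SETUP
```
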

Reference
gaiwan/Oak#1