github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-06-16 00:51:59 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
3,836 Commits 13 Branches 210 Tags
user_permissions
Commit Graph

13 Commits

Author SHA1 Message Date
Dan Brown
c9c0e5e16f Fixed guest user email showing in TOTP setup url 
- Occured during enforced MFA setup upon login.
- Added test to cover.

Fixes #2971
 2021-10-14 18:02:16 +01:00
Dan Brown
8565187138 Added border to generated TOTP QR code 
To fix QR code not being scannable when in dark mode due to
lack of border matching background of QR code.

Fixes #2925
 2021-09-13 14:23:54 +01:00
Dan Brown
64785ed9da Apply fixes from StyleCI 2021-08-21 14:49:40 +00:00
Dan Brown
2d306949b5 Cleaned some unused elements during testing 2021-08-21 15:38:43 +01:00
Dan Brown
622ea03c65 Added attribution for new libs added 
- Also hard-set TOTP algorithm with comment from testing others.
 2021-08-08 14:52:29 +01:00
Dan Brown
9b271e559f Worked on MFA setup required flow 
- Restructured some of the route naming to be a little more consistent.
- Moved the routes about to be more logically in one place.
- Created a new middleware to handle the auth of people that should be
  allowed access to mfa setup routes, since these could be used by
  existing logged in users or by people needing to setup MFA on access.
- Added testing to cover MFA setup required flow.
- Added TTL and method tracking to session last-login tracking system.
 2021-08-02 22:02:25 +01:00
Dan Brown
4597069083 Added Backup code verification logic 
Also added testing to cover as part of this in addition to adding the
core backup code handling required.

Also added the standardised translations for switching mfa mode and
adding testing for this switching.
 2021-08-02 16:35:37 +01:00
Dan Brown
a3f19ebe96 Added TOTP verification upon access 2021-08-02 15:04:43 +01:00
Dan Brown
1278fb4969 Started moving MFA and email confirmation to new login flow 
Instead of being soley middleware based.
 2021-07-17 18:24:50 +01:00
Dan Brown
78f9c01519 Started on some MFA access-time checks 
Discovered some difficult edge cases:
- User image loading in header bar when using local_secure storage
- 404s showing user-specific visible content due to content listing on
  404 page since user is in semi-logged in state. Maybe need to go
  through and change up how logins are handled to centralise and
  provide us better control at login time to prevent any auth level.
 2021-07-16 23:23:36 +01:00
Dan Brown
f696aa5eea Added the ability to remove an MFA method 
Includes testing to cover
 2021-07-14 21:27:21 +01:00
Dan Brown
529971c534 Added backup code setup flow 
- Includes testing to cover flow.
- Moved TOTP logic to its own controller.
- Added some extra totp tests.
 2021-07-02 20:53:33 +01:00
Dan Brown
916a82616f Complete base flow for TOTP setup 
- Includes DB storage and code validation.
- Extracted TOTP work to its own service file.
- Still needs testing to cover this side of things.
 2021-06-30 22:10:02 +01:00