Adrià Casajús
3f84a63e6d
Extend validity of totp tokens for up to a minute. ( #1494 )
* Feat: Allow TOTP for up to one minute in the future and in the past
* Feat: Allow TOTP for up to one minute in the future and in the past
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-12-16 17:54:46 +01:00
Son Nguyen Kim
7b24cdd98a
Revert "remove deduct_limit as it has no effect ( #1347 )" ( #1348 )
This reverts commit 851ba0a99a.
2022-10-13 22:00:45 +02:00
Son Nguyen Kim
851ba0a99a
remove deduct_limit as it has no effect ( #1347 )
* remove deduct_limit as it has no effect
- disable rate limit during test
- randomize data in test
- support non-empty db in test
* fix more test
2022-10-13 18:55:22 +02:00
Adrià Casajús
e91fd26964
Sanitized missing places
2022-03-29 18:03:18 +02:00
george
50122da0fe
Implement API notifications and use a function in email_utils
2022-01-20 17:42:11 +00:00
george
42407a0543
Send the email after the local error.
2022-01-20 16:44:15 +00:00
george
f7f91afc1e
Send a notification email for invalid recovery codes.
2022-01-20 16:41:42 +00:00
george
6d736aa915
Implement rate limiting with send_email_with_rate_control.
2022-01-20 15:05:18 +00:00
george
0eb2984b9c
Add invalid TOTP login email notifications.
2022-01-20 14:18:47 +00:00
Son
372466ab06
do not use flask-sqlalchemy
- add __tablename__ for all models
- use sa and orm instead of db
- rollback all changes in tests
- remove session in @app.teardown_appcontext
2021-10-12 14:36:47 +02:00
Son NK
ef7fae32b1
remove the "Hi {name}" from email template
2021-01-11 10:23:34 +01:00
Sibren Vasse
31a1f94a5f
Implement rate limiting
2020-05-25 11:39:33 +02:00
Sibren Vasse
097ac771b0
Prevent OTP replay attacks by invalidating last token
2020-05-24 19:23:16 +02:00
Sibren Vasse
35bb1645a3
Allow user to disable mfa for browser for 30 days
2020-05-24 19:23:16 +02:00
Sibren Vasse
8c946d7026
Remove token when submitted value is incorrect
2020-05-24 19:23:16 +02:00
Son NK
87d52216cb
reformat
2020-05-17 10:35:11 +02:00
Son NK
2e208ed505
display recovery code options on mfa and fido page
2020-05-17 10:27:20 +02:00
devStorm
f7e3320242
model - fido_enabled
2020-05-07 05:32:52 -07:00
devStorm
9b8340f3e0
Black formatted
2020-05-07 02:53:28 -07:00
devStorm
9da6054ec0
Allow to use either OTP or FIDO for 2FA
2020-05-05 05:16:33 -07:00
Son NK
837ab8258e
redirect to login page instead
2020-01-03 23:50:34 +01:00
Son NK
4208ba379f
Fix user could go to MFA page directly
2020-01-03 23:42:35 +01:00
Son NK
de0368c20f
remove redundant code
2019-12-27 16:53:07 +00:00
Son NK
c52f2d1603
Create auth/mfa page used by user who has enabled MFA
2019-12-27 16:53:07 +00:00