Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add tf-setup endpoint that uses a state_token. #991

Merged
merged 1 commit into from
Jun 18, 2024
Merged

Add tf-setup endpoint that uses a state_token. #991

merged 1 commit into from
Jun 18, 2024

Conversation

jwag956
Copy link
Collaborator

@jwag956 jwag956 commented Jun 18, 2024

/tf-setup now returns a state_token (in addition to prior behavior of setting state in the session). This state_token can be used at /tf-setup/ to complete a 2FA setup. This enables /tf-setup with an authentication token and no session cookie - and follows the same model as /us-setup.

Notes: actual 2FA code validation during login still requires a session. The old session way of /tf-setup is still there - no backwards compat issues.

@codecov Codecov
Copy link

codecov bot commented Jun 18, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.45%. Comparing base (4c33560) to head (cc9c5dc).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #991      +/-   ##
==========================================
+ Coverage   98.44%   98.45%   +0.01%     
==========================================
  Files          36       36              
  Lines        4622     4667      +45     
==========================================
+ Hits         4550     4595      +45     
  Misses         72       72

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@jwag956
Add tf-setup endpoint that uses a state_token.
cc9c5dc 
/tf-setup now returns a state_token (in addition to prior behavior of setting state in the session).
This state_token can be used at /tf-setup/<state-token> to complete a 2FA setup.
This enables /tf-setup with an authentication token and no session cookie - and follows the
same model as /us-setup.

Notes: actual 2FA code validation during login still requires a session.
The old session way of /tf-setup is still there - no backwards compat issues.
@jwag956 jwag956 merged commit 147a612 into master Jun 18, 2024
19 checks passed
@jwag956 jwag956 deleted the tftoken branch June 18, 2024 03:44
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jwag956