hailey.at / cocoon
An atproto PDS written in Go
fork atom

Implement 2FA (email) #4

closed
opened by willdot.net targeting main from willdot.net/cocoon: email-auth-factor

This implements 2FA (email only at the moment).

I have run this on my test account and tested various flows:

Turning 2FA on and off through the Bluesky app Turning 2FA on and the updating my email address to a new one, and observing that 2FA is disabled Logging in with 2FA enabled Using a 3rd party app (tangled) to log into my account via OAuth and being able to provide the 2FA token (including providing the wrong password and token as well to ensure that when the correct password and token is provided, the flow continues as normal) Logging into my PDS directly via the /account/login route with 2FA turned on Create a new account and observing that the two_factor_type is preset to none The UI for the the PDS /account/login screen is far from perfect and could use some improvements. For example once you're entered the handle and password, the page refreshes with the new token input, but the handle and password fields are now empty :(

0
by willdot.net 0 comments
expand 6 commits
e6c68509
implement enabling / disabling email auth factor (not currently checked on auth checks though)
c1d1e734
implement 2fa on creating a session
12a6212a
refactor the 2FA code into it's own field on model and generate a new email type
834dc6d8
implement providing 2FA token on PDS account login screen
cf6bcf64
refactor so that there's a 2FA type on the repo which replaces EmailAuthFactor
1c502e6b
another merge conflict
closed without merging
sign up or login to add to the discussion
Labels

None yet.

Participants 1
AT URI
at://did:plc:dadhhalkfcq3gucaq25hjqon/sh.tangled.repo.pull/3mbisos6epj22