Skip to content

WIP: Password + Two Factor Authentication Support

Jesusalva Jesusalva requested to merge github/fork/pazkero/totp into master

This allows users to use a PBKDF2 + TOTP to login instead of email-based verification.

Patch is aimed to support SQL support for it; However there's no auth endpoint yet. Do note this is disabled by default. User is supposed to explicitly allow this after having the email validated.

Of course, if they enable this and then get rid of their email... They will be able to use all TMW services except password or TOTP code recovery.

(TOTP doesn't have to be mandatory, however; Would even be cool if you could just set a password and optionally enable 2FA... Oh well.)

PS. Required by MLAPIv2. Untested.

Edited by Jesusalva Jesusalva

Merge request reports