[3.x] allow super admins to reset 2fa for other stuck users #1419
Hey @YasienDwieb! I checked and this works fine. However, I think we should maybe limit the ability to disable it to admins that have 2fa themselves. What are your thoughts @ifox?
I agree!
…Dwieb/twill into feature/allowSuperadminToReset2fa
@haringsrob @ifox I have added a privilege check and a 2fa check to the request validation, please check now. Thanks
IMHO the admin should also confirm the action by reentering his own password since it's a very sensitive action. https://laravel.com/docs/9.x/authentication#password-confirmation https://laracasts.com/series/laravel-authentication-options/episodes/13
@AndreSchwarzer I don't think we would need this. Thinking about doing the same on AWS, for example, you will not be required to do so, as you have already passed through all required authentication/authorization steps.
I can finalize and merge this once #1360 is done.
Codecov Report
@@ Coverage Diff @@
## 3.x #1419 +/- ##
============================================
- Coverage 56.39% 56.33% -0.07%
- Complexity 3012 3020 +8
============================================
Files 239 239
Lines 9227 9248 +21
============================================
+ Hits 5204 5210 +6
- Misses 4023 4038 +15
Hey @YasienDwieb, this is now fine, I will merge it soon. I also included some small bug fixes that I myself introduced (just in case you wonder about the non-related changes).
Description
Introduces the ability for super admins to reset 2FA for other users who may get stuck and be unable to log in.
Admins are required to solve a challenge before disabling 2FA for other users in order to avoid doing that by mistake.
Related Issues