feat: introduce mfa #1645
Merged
* feat: add mfa-usage sub-flow
---------
Co-authored-by: Lennart Fleischmann <[email protected]>
The mfa_creation subflow sets an mfa_method stash value so that when creating and persisting the credential the mfa_only flag can be set correctly in the hook responsible for that. But the profile flow never "ends" and returns to the initial state so I can also register a passkey afterwards. The mfa_method stash key remains on the stash but is used in the hook nonetheless, so the passkey is incorrectly recognized as a security key. The mfa_method key is now deleted after successfully persisting the credential/security_key. This should not have an effect on the login flow because the mfa_creation subflow is the last subflow to be executed. It also should not affect the registration flow, because the hook is not applied in the registration flow (persistence of data is all handled in the create_user hook).
* feat: add authenticator app management to profile
* feat: passkey counts as second factor
Renames MFA stash entry for indicating usage (login) method to make its meaning more explicit. Also removes code persisting a webauthn credential from the attestation verification action in the onboarding flow because this is already done by a shared hook.
Co-authored-by: bjoern-m <[email protected]>
* chore: skip mfa prompt if the user only has a passkey
* chore: refactor and improve mfa onboarding
* fix: no mfa onboarding when passwords and passkeys are disabled
* fix: only show mfa onboarding once
* feat: add a function to the flowpilot to check whether a state has been visited
* chore: improved error handling
* feat: add missing translations (#1681)
Do not suspend the `webauthn_verify_attestation_response` action when passkeys are disabled, but security keys and MFA are enabled.
Change texts regarding security creation to be more consistent across the flows and to be more precise.
* fix: loading spinner alignment corrected
* fix: auth app deletion link is shown while deletion is not allowed
* chore: remove deprecated test persister
* chore: replace test persister calls
* chore: add saml state fixtures
Co-authored-by: Frederic Jahn <[email protected]>
Co-authored-by: Frederic Jahn <[email protected]>
FreddyDevelop
approved these changes
Oct 30, 2024
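The stale-stash problem described in the commit message above, modelled as an added Go example that is not code from this pull request or from the project. The `Stash` type, `persistHook`, `profileSession`, the credential IDs and the `"security_key"` stash value are hypothetical stand-ins; only the `mfa_method` key and the `mfa_only` flag come from the text.

```go
package main

import "fmt"

// Stash is a hypothetical stand-in for the per-flow key/value store.
type Stash map[string]string

// Credential models a persisted WebAuthn credential.
// MFAOnly == true means "security key" (second factor only); false means passkey.
type Credential struct {
	ID      string
	MFAOnly bool
}

// persistHook models the shared hook that persists a credential and derives
// MFAOnly from the "mfa_method" stash key. With cleanup == false the key is
// left on the stash (the behaviour before the fix); with cleanup == true it
// is deleted once the credential has been persisted (the fix).
func persistHook(s Stash, id string, cleanup bool) Credential {
	c := Credential{ID: id, MFAOnly: s["mfa_method"] == "security_key"} // value is an assumption
	if cleanup {
		delete(s, "mfa_method")
	}
	return c
}

// profileSession runs two registrations inside one long-lived profile flow
// that shares a single stash: a security key via the mfa_creation subflow,
// then a passkey after the flow has returned to its initial state.
func profileSession(cleanup bool) (securityKey, passkey Credential) {
	s := Stash{}

	s["mfa_method"] = "security_key" // set by the mfa_creation subflow
	securityKey = persistHook(s, "cred-1", cleanup)

	// The profile flow never ends, so the stash is not reset here.
	// Passkey registration does not set mfa_method itself.
	passkey = persistHook(s, "cred-2", cleanup)
	return securityKey, passkey
}

func main() {
	for _, cleanup := range []bool{false, true} {
		sk, pk := profileSession(cleanup)
		fmt.Printf("cleanup=%v security_key.mfa_only=%v passkey.mfa_only=%v\n",
			cleanup, sk.MFAOnly, pk.MFAOnly)
	}
}
```

Without the cleanup, the passkey registered second inherits `mfa_only` from the earlier subflow; a regression test for this class of bug should always exercise two registrations in the same flow instance.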
Description
This PR introduces the implementation of Multi-Factor Authentication (MFA) across various user flows, including MFA onboarding and profile management, along with numerous fixes and feature additions.
MFA Support
WebAuthn Enhancements
UI/UX Improvements