Describe the bug
The Two-factor Authentication plugin we are using has a link to send a code to the user rather than using a code from the Google Authenticator App. This link gets an error because we did not implement the method for sending the code. The plugin then stores a code on the user that they must use to log in, even though it was not actually sent to them. At this point, the user can no longer log in using the Google Authenticator App.
To Reproduce
Steps to reproduce the behavior:
- Log in with a user that has Two-factor Authentication enabled. This is enabled from the user's Edit Profile page.
- Click the "Send me a code instead" link.
- See error page.
- Use the back button to go back to the Two-factor Authentication page and see that you can no longer use the Google Authenticator App.
Expected behavior
A code should be emailed to the user to verify their Two-factor Authentication.
Screenshots
Additional context
def send_two_factor_authentication_code(code)
# Send code via SMS, Email, etc.
end
- Rails email guide: https://guides.rubyonrails.org/action_mailer_basics.html
- Once you have logged in with Two-factor Authentication (TFA), a cookie is stored that will cause the app to not ask for a code for a month. The go through the TFA process again the cookie will need to be deleted. The cookie name is
remember_tfa.
Describe the bug
The Two-factor Authentication plugin we are using has a link to send a code to the user rather than using a code from the Google Authenticator App. This link gets an error because we did not implement the method for sending the code. The plugin then stores a code on the user that they must use to log in, even though it was not actually sent to them. At this point, the user can no longer log in using the Google Authenticator App.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A code should be emailed to the user to verify their Two-factor Authentication.
Screenshots
Additional context
remember_tfa.