Commit Graph

8 Commits (219fb317eeee47e91066b8baebcaf02ef9e0c0bf)

Author SHA1 Message Date
Patrick Figel df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
8 years ago
Yann GUERN a85d4473aa Avoid user enumeration with devise paranoid mode (#1527) 8 years ago
Eugen Rochko 76e970c856 Do not automatically login after password reset, as it would circumvent two-factor auth (if enabled)
Do not require e-mail address changes to be re-confirmed, it's only trouble for no real benefit
8 years ago
Eugen Rochko ba192f12e3 Added optional two-factor authentication 8 years ago
Eugen Rochko 116ab27e08 i18n for devise mailer too 8 years ago
Eugen Rochko 2c374cd97c Adding e-mail configuration 9 years ago
Eugen Rochko ab6696e855 Adding doorkeeper, adding a REST API
POST /api/statuses                  Params: status (text contents), in_reply_to_id (optional)
GET  /api/statuses/:id
POST /api/statuses/:id/reblog

GET  /api/accounts/:id
GET  /api/accounts/:id/following
GET  /api/accounts/:id/followers
POST /api/accounts/:id/follow
POST /api/accounts/:id/unfollow

POST /api/follows                  Params: uri (e.g. user@domain)

OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
9 years ago
Eugen Rochko 7e93da3f8d Removing grape and adding devise 9 years ago