Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Force users to generate TOTP instead of locking them out #32

Open
orenwolf opened this issue Nov 12, 2016 · 1 comment
Open

[RFE] Force users to generate TOTP instead of locking them out #32

orenwolf opened this issue Nov 12, 2016 · 1 comment

Comments

@orenwolf
Copy link

Right now, if a user ignores the 2FA requirement until the login timeout is reached, they are locked out entirely and unable to log in.

Instead, if they log in successfully, they should instead be told that they MUST generate a code to log-in. This would probably require some sort of check that forces them to a generation page on every action, to make sure they didn't "deep-link" to somewhere in the admin interface to get around the login check (as they'd technically be logged-in correctly).
@julien731
Copy link
Owner

That would make sense. If an admin forces users to use 2-fa (s)he probably doesn't mind having an annoying prompt that, indeed, forces users to enable it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@orenwolf @julien731