xLink
commented
8 years ago Best idea I've come up with, is to set a few session keys based on what needs doing (actions.require_2fa && actions.password_expire) on login and then check for these via middlewares
Okay so, currently if a user has 2fa enabled, when they login, the system will prompt them to input their 2fa code, if they try and move around the system without verifying, the system will log them out as a precaution.
Recent additions to the system will require a similar thing setting up for the password expiries, so if the users password has expired, next time they log in, we should prompt them to change their password before they continue.
Problem lies in how to move them from 2fa to passy expiry change?