No specific grace period for new users

Firesphere / silverstripe-bootstrapmfa

Bootstrap your MultiFactor with backup codes and a ready-to-go second-factor authentication

BSD 3-Clause "New" or "Revised" License

3 stars 3 forks source link

No specific grace period for new users #36

Open brynwhyman opened 5 years ago

brynwhyman commented 5 years ago

Current functionality when MFA is made mandatory is to enforce a grace period for existing users. When new users are created they'll be entitled to a full grace period.

This issue covers making the grace period a global variable, regardless of when the user was created.

ACs

[ ] User profiles created after the global grace period has ended will not receive a grace period.
[ ] User profiles created during a grace period will be subject to the remaining grace period only.

brynwhyman commented 5 years ago

Raising this following a discussion, although it's probably not a good idea. Allowing a grace period for users who are created after the original grace period has finished allows them time to setup their MFA. For example they may need time before their security token arrives in the mail.