born05 / craft-twofactorauthentication

Craft plugin for two-factor or two-step login using Time Based OTP.
MIT License
36 stars, 26 forks

Question regarding security #41

Closed zsackett42 closed 4 years ago

zsackett42 commented 4 years ago

We're trying to evaluate 2FA options for Craft and had questions regarding this plugin's exact functionality. It's using EVENT_AFTER_LOGIN to create the redirect, but would it prevent the execution of controller actions, for example?

I see in issue #22 there's a reference to "in depth security tests", but haven't seen exactly what that entails. Thanks.

roelvanhintum commented 4 years ago

For every request the 2FA plugin verifies the user from the plugin init, so this would prevent controllers from executing code. This is next to the EVENT_AFTER_LOGIN event.

For multiple clients we had pentests done and still do for every project. Unfortunately I can't share any details.
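The security-relevant distinction in this thread is where the second-factor check runs. A redirect issued from `EVENT_AFTER_LOGIN` only shapes the response to the login request itself; a session that has passed the password step but not the OTP step can still send further requests, so a defender wants every controller action refused until the OTP step has completed. The sketch below is an added example of that per-request gate, written against the Yii 2 / Craft CMS classes the plugin runs on; it is not code from the born05 plugin and does not claim to reproduce how that plugin implements its check. The plugin class name, the `twofactor.verified` session key, the `two-factor/verify` route and action IDs, and the list of actions allowed before verification are all assumptions for illustration.

```php
<?php
// Added example (not the born05 plugin's code): refuse every web controller
// action until the session carries a "second factor verified" flag.
namespace hypothetical\twofactor;   // assumed namespace

use Craft;
use craft\base\Plugin as BasePlugin;
use craft\helpers\UrlHelper;
use craft\web\User as WebUser;
use yii\base\ActionEvent;
use yii\base\Controller;
use yii\base\Event;
use yii\web\ForbiddenHttpException;
use yii\web\UserEvent;

class TwoFactorGate extends BasePlugin
{
    /** Session key set only after the OTP step succeeds (assumed name). */
    public const SESSION_KEY = 'twofactor.verified';

    /** Route of the OTP entry page (assumed). */
    public const VERIFY_ROUTE = 'two-factor/verify';

    /**
     * Actions a password-only session may still reach: the OTP form itself
     * and logout. Everything else is blocked until verification (assumed IDs).
     */
    public const ALLOWED_BEFORE_VERIFY = [
        'two-factor/verify/index',
        'two-factor/verify/submit',
        'users/logout',
    ];

    public function init(): void
    {
        parent::init();

        // 1. A fresh login never inherits a verified flag from an earlier
        //    session: clear it whenever EVENT_AFTER_LOGIN fires.
        Event::on(
            WebUser::class,
            WebUser::EVENT_AFTER_LOGIN,
            function (UserEvent $event): void {
                Craft::$app->getSession()->remove(self::SESSION_KEY);
            }
        );

        // 2. The per-request gate. Class-level handlers on yii\base\Controller
        //    apply to every controller subclass, so this runs before each
        //    action in the application, not only after login.
        Event::on(
            Controller::class,
            Controller::EVENT_BEFORE_ACTION,
            function (ActionEvent $event): void {
                $this->enforceSecondFactor($event);
            }
        );
    }

    private function enforceSecondFactor(ActionEvent $event): void
    {
        $request = Craft::$app->getRequest();

        // Console commands have no browser session to gate.
        if ($request->getIsConsoleRequest()) {
            return;
        }

        // Anonymous requests are handled by Craft's normal auth rules;
        // the gate only concerns sessions that already passed the password.
        if (Craft::$app->getUser()->getIdentity() === null) {
            return;
        }

        if (Craft::$app->getSession()->get(self::SESSION_KEY) === true) {
            return; // OTP step already completed for this session
        }

        // Let the user reach the OTP form and log out, nothing else.
        if (in_array($event->action->getUniqueId(), self::ALLOWED_BEFORE_VERIFY, true)) {
            return;
        }

        // Stop the action from running at all; the controller body is
        // never executed, which is the property the question asks about.
        $event->isValid = false;

        if ($request->getAcceptsJson()) {
            // API-style callers get a hard refusal rather than a redirect.
            throw new ForbiddenHttpException('Second factor required.');
        }

        Craft::$app->getResponse()->redirect(UrlHelper::siteUrl(self::VERIFY_ROUTE));
    }
}
```

The verification controller (not shown) would set `Craft::$app->getSession()->set(TwoFactorGate::SESSION_KEY, true)` only after the TOTP code validates. Because `$event->isValid = false` is set in `EVENT_BEFORE_ACTION`, `Controller::runAction()` returns without invoking the action, so the check holds for direct action requests and form posts as well as page loads, which is the behaviour to confirm in a test rather than inferring it from the post-login redirect alone.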

zsackett42 commented 4 years ago

Thanks for the reply!