Verify 2fa code before activation - Githubissues

gyselroth / balloon-client-web

balloon web user interface

GNU General Public License v3.0

2 stars 5 forks source link

Verify 2fa code before activation #298

Open raffis opened 4 years ago

raffis commented 4 years ago

Describe the bug

Currently 2fs gets enabled without verifying the code. This might lead to account lockouts if the code can not be scanned for whatever reason.

To Reproduce

Enable 2fa
Don't scan code
Restart browser
Lockout

Expected behavior

Prompt for the code to verify 2fa.

Environment

web-client version: v3.2.17
balloon server version: v2.7.2