Android app does not ask for 2FA code

inventree / inventree-app

InvenTree mobile app

https://docs.inventree.org/en/latest/app/app/

MIT License

60 stars 47 forks source link

Android app does not ask for 2FA code #468

Open HammyHavoc opened 11 months ago

HammyHavoc commented 11 months ago

Obviously bad for security as if you know someone's password or it's been leaked in a database breach then you can simply login as them.

Upvote & Fund

We're using Polar.sh so you can upvote and help fund this issue.
We receive the funding once the issue is completed & confirmed by you.
Thank you in advance for helping prioritize & fund our backlog.

SchrodingersGat commented 11 months ago

@HammyHavoc thanks for reporting. Looks like there are a few shortcomings of the 2FA implementation. We will have to look into this, but the core dev team is currently on Christmas break. Happy to review a PR if you wanted to submit something yourself.