server-tools

History

Oleg Bulkin c8d5b50777 [FIX] auth_totp: Various issues * Restructure controller and res.users logic to prevent RPC authentication for users with MFA enabled and add support for multiple simultaneous MFA sessions * Switch trusted device cookies from using the DB secret to user-level secret keys, thereby increasing security * Remove MFA login tokens and trusted device model, which are now redundant * Add migration logic that generates a trusted device cookie key for every user with MFA enabled and cleans up device model ir records to prevent warnings * Update unit tests and remainder of module accordingly	7 years ago
..
auth_totp.xml	[FIX] auth_totp: Various issues	7 years ago
res_users.xml	[IMP] auth_totp: Admin support	8 years ago

Oleg Bulkin c8d5b50777 [FIX] auth_totp: Various issues

* Restructure controller and res.users logic to prevent RPC authentication for
users with MFA enabled and add support for multiple simultaneous MFA sessions
* Switch trusted device cookies from using the DB secret to user-level secret
keys, thereby increasing security
* Remove MFA login tokens and trusted device model, which are now redundant
* Add migration logic that generates a trusted device cookie key for every user
with MFA enabled and cleans up device model ir records to prevent warnings
* Update unit tests and remainder of module accordingly

7 years ago

auth_totp.xml

[FIX] auth_totp: Various issues

7 years ago

res_users.xml

[IMP] auth_totp: Admin support

8 years ago