Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't kick user and require verification after enabling MFA #8081

Merged
merged 3 commits into from May 7, 2024
Merged

Don't kick user and require verification after enabling MFA #8081

merged 3 commits into from May 7, 2024

Conversation

stnguyen90
Copy link
Contributor

@stnguyen90 stnguyen90 commented May 7, 2024
edited

What does this PR do?

  • remove auth duration from Auth::sessionVerify() calls because the method doesn't require it
  • ensure user isn't kicked out after enabling MFA as it is very disruptive to the user experience
  • ensure session factors don't contain duplicates

Test Plan

Manual

Related PRs and Issues

None

Checklist

  • Have you read the Contributing Guidelines on issues?
  • If the PR includes a change to an API's metadata (desc, label, params, etc.), does it also include updated API specs and example docs?

@stnguyen90
refactor(auth): remove auth duration from Auth::sessionVerify() calls
98d18ec 
The paramter was removed from the method so we don't need to pass it
in anymore.
@stnguyen90
feat(auth): ensure user isn't kicked out after enabling MFA
7e07f6b 
User's were kicked out and forced to verify their session after enabling
MFA if they already had factors enabled. This change ensures that they
are not kicked out of their current session after MFA is enabled by
adding all relevant factors to the session.
@stnguyen90
fix(auth): ensure session factors don't contain duplicates
5b5505c
@stnguyen90 stnguyen90 marked this pull request as ready for review May 7, 2024 00:58
@stnguyen90 stnguyen90 self-assigned this May 7, 2024
@stnguyen90 stnguyen90 added the product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services. label May 7, 2024
TorstenDittmann

This comment was marked as resolved.

Sign in to view

@TorstenDittmann TorstenDittmann merged commit 239a0b4 into 1.5.x May 7, 2024
21 checks passed
@TorstenDittmann TorstenDittmann deleted the fix-dont-kick-after-enabling-mfa branch May 7, 2024 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TorstenDittmann TorstenDittmann TorstenDittmann approved these changes

Assignees

@stnguyen90 stnguyen90

Labels
product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@stnguyen90 @TorstenDittmann