wallabag

mirror of https://github.com/wallabag/wallabag.git synced 2024-11-26 11:01:04 +00:00

History

Kevin Decherf aa06e8328e ConfigController: remove 2fa cancel step This change annoys me, however this endpoint was anyway problematic: - it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3 - it is useless as we don't really handle a two-steps validation Still, if you send an incorrect code during the "activation" phase a flash error will pop up but the 2fa will stay enabled. This need rework when possible. Signed-off-by: Kevin Decherf <kevin@kdecherf.com>	2023-09-30 00:49:58 +02:00
..
Wallabag	ConfigController: remove 2fa cancel step	2023-09-30 00:49:58 +02:00

Kevin Decherf aa06e8328e ConfigController: remove 2fa cancel step

This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>

2023-09-30 00:49:58 +02:00

Wallabag

ConfigController: remove 2fa cancel step

2023-09-30 00:49:58 +02:00