[GH-ISSUE #772] 2FA authentication should not be enabled until we confirm user has configured google authenticator #472

New issue

Closed

opened 2026-02-25 21:35:07 +03:00 by kerem · 10 comments

kerem commented 2026-02-25 21:35:07 +03:00

Owner

Copy link

Originally created by @ElvisAns on GitHub (Sep 19, 2023).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/772

Originally assigned to: @Yannick243 on GitHub.

🗣 Suggestion

Let's consider the following scenario

1. Enable 2fa authentication
2. Logout without scanning the setup QR code (this may happen to end users)
3. Next time you login Cypht will ask you the 6digit code from Authenticator and you loose access to your account

Proposed solution

Before asking users to enter TOTP on login, we have to confirm they have google authenticator paired. Usually this is done by asking them to put the current TOPT during the configuration process and if match, we now enforce 2FA on next login.

Originally created by @ElvisAns on GitHub (Sep 19, 2023). Original GitHub issue: https://github.com/cypht-org/cypht/issues/772 Originally assigned to: @Yannick243 on GitHub. ## 🗣 Suggestion ### Let's consider the following scenario 1. Enable 2fa authentication 2. Logout without scanning the setup QR code (this may happen to end users) 3. Next time you login Cypht will ask you the 6digit code from Authenticator and you loose access to your account ### Proposed solution Before asking users to enter TOTP on login, we have to confirm they have google authenticator paired. Usually this is done by asking them to put the current TOPT during the configuration process and if match, we now enforce 2FA on next login.

kerem closed this issue 2026-02-25 21:35:07 +03:00

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@marclaporte commented on GitHub (Nov 4, 2023):

@ElvisAns Does the PR look good to you?

<!-- gh-comment-id:1793559213 --> @marclaporte commented on GitHub (Nov 4, 2023): @ElvisAns Does the PR look good to you?

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@ElvisAns commented on GitHub (Nov 5, 2023):

@marclaporte testing now, will share some feedback

<!-- gh-comment-id:1793708428 --> @ElvisAns commented on GitHub (Nov 5, 2023): @marclaporte testing now, will share some feedback

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@ElvisAns commented on GitHub (Nov 5, 2023):

@Yannick243 it looks good on my end

https://github.com/cypht-org/cypht/assets/35831811/d473311f-9334-4ad6-9189-d62834b7daba

@marclaporte what do you think about the flow above? User experience wise

<!-- gh-comment-id:1793717171 --> @ElvisAns commented on GitHub (Nov 5, 2023): @Yannick243 it looks good on my end https://github.com/cypht-org/cypht/assets/35831811/d473311f-9334-4ad6-9189-d62834b7daba @marclaporte what do you think about the flow above? User experience wise

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@marclaporte commented on GitHub (Nov 5, 2023):

I refer to @johnsantosDev for UX :-)

<!-- gh-comment-id:1793762086 --> @marclaporte commented on GitHub (Nov 5, 2023): I refer to @johnsantosDev for UX :-)

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@johnsantosDev commented on GitHub (Nov 5, 2023):

Let me give it a look Team

<!-- gh-comment-id:1793762815 --> @johnsantosDev commented on GitHub (Nov 5, 2023): Let me give it a look Team

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@johnsantosDev commented on GitHub (Nov 12, 2023):

Team, I tested this and the flow, works realy fine, just some very minor ui improvments related to the alignments.

1. Enable two factor authentication text is very far from the checkbox, users will think the switch is for the text update your settings...
2. we are using 2 columns here(good idea) but it's giving poor ui by making the left side empty.
   I suggest to have the switch, the QR and the text "if you can't ..... " at the left column and the section starting with "the following backup codes can ... " at the right.

WDYT @Yannick243 ?

<!-- gh-comment-id:1807273139 --> @johnsantosDev commented on GitHub (Nov 12, 2023): Team, I tested this and the flow, works realy fine, just some very minor ui improvments related to the alignments. 1. Enable two factor authentication text is very far from the checkbox, users will think the switch is for the text update your settings... 2. we are using 2 columns here(good idea) but it's giving poor ui by making the left side empty. I suggest to have the switch, the QR and the text "if you can't ..... " at the left column and the section starting with "the following backup codes can ... " at the right. WDYT @Yannick243 ? 

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@Yannick243 commented on GitHub (Nov 13, 2023):

Hello @johnsantosDev,
I have refactor the UI like this, what do you think ?

<!-- gh-comment-id:1808318471 --> @Yannick243 commented on GitHub (Nov 13, 2023): Hello @johnsantosDev, I have refactor the UI like this, what do you think ? 

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@johnsantosDev commented on GitHub (Nov 13, 2023):

Perfect. Thanks @Yannick243

<!-- gh-comment-id:1808512115 --> @johnsantosDev commented on GitHub (Nov 13, 2023): Perfect. Thanks @Yannick243

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@Yannick243 commented on GitHub (Feb 2, 2024):

Hello @ElvisAns,
can this be closed as it has been merged ?

<!-- gh-comment-id:1923347037 --> @Yannick243 commented on GitHub (Feb 2, 2024): Hello @ElvisAns, can this be closed as it has been merged ?

kerem commented 2026-02-25 21:35:07 +03:00

Author

Owner

Copy link

@ElvisAns commented on GitHub (Feb 6, 2024):

PR : https://github.com/cypht-org/cypht/pull/819

<!-- gh-comment-id:1929165506 --> @ElvisAns commented on GitHub (Feb 6, 2024): PR : https://github.com/cypht-org/cypht/pull/819

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

2.x

mta-sts-implementation

feat-compose-backspace-delete-recipients

release-2.5.1

add-tls3-support

1.4.x

enforce-coverage

release-2.4.2

strip_dns_prefetch_tags

fix_nightly_build

pr-title-validation-update

review-sent-email

revert-1339-fixed-tags-display

revert-1061-rem-cram-md5

sys-messages-revamp

revert-685-fixed-str-pos-warning-when-no-to

revert-590-empty-settings

release-1.3.0

revert-471-draft-add-warning

revert-454-feature/server-list-by-uniqid

php7.4-support

release-1.2.0

remove-mobile-media-queries

release-1.1.0

release-1.0.0

v2.7.0

v2.6.0

v2.5.1

v2.5.0

v1.4.7

v2.4.2

v2.4.1

v1.4.6

v1.4.5

v2.4.0

v2.3.0

v2.2.0

v1.4.4

v2.1.0

v2.0.1

v1.4.3

v2.0.0

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.3.0-rc3

v1.3.0-rc2

v1.3.0-rc1

v1.1.0

v1.1.0-rc4

v1.1.0-rc3

v1.1.0-rc2

v1.1.0-rc1

v1.0.0

v1.0.0-rc8

v1.0.0-rc7

v1.0.0-rc6

v1.0.0-rc5

v1.0.0-rc4

v1.0.0-rc3

v1.0.0-rc2

v1.0.0-rc1

Labels

Clear labels   

2fa

  

I18N

  

PGP

  

Security

  

Security

  

account

  

advanced_search

  

advanced_search

  

announcement

  

api_login

  

authentication

  

awaiting feedback

  

blocker

  

bug

  

bug

  

bug

  

calendar

  

config

  

contacts

  

core

  

core

  

devops

  

docker

  

docs

  

duplicate

  

dynamic_login

  

enhancement

  

epic

  

feature

  

feeds

  

framework

  

github

  

github

  

gmail_contacts

  

good first issue

  

help wanted

  

history

  

history

  

imap

  

imap_folders

  

inline_message

  

installation

  

keyboard_shortcuts

  

keyboard_shortcuts

  

ldap_contacts

  

mobile

  

need-ssh-access

  

new module set

  

nux

  

pop3

  

profiles

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactor

  

release

  

research

  

saved_searches

  

smtp

  

strategic

  

tags

  

tests

  

themes

  

website

  

wordpress

No labels

2fa

I18N

PGP

Security

Security

account

advanced_search

advanced_search

announcement

api_login

authentication

awaiting feedback

blocker

bug

bug

bug

calendar

config

contacts

core

core

devops

docker

docs

duplicate

dynamic_login

enhancement

epic

feature

feeds

framework

github

github

gmail_contacts

good first issue

help wanted

history

history

imap

imap_folders

inline_message

installation

keyboard_shortcuts

keyboard_shortcuts

ldap_contacts

mobile

need-ssh-access

new module set

nux

pop3

profiles

pull-request

question

refactor

release

research

saved_searches

smtp

strategic

tags

tests

themes

website

wordpress

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/cypht#472

No description provided.