django-mfa2 icon indicating copy to clipboard operation
django-mfa2 copied to clipboard
verified publisher icon mkalioby

Email OTP should have a period of validity

Open bil0u opened this issue 3 years ago • 3 comments

Hi,

I searched for this functionnality in the readme and by exploring the code and it seems that there is no concept of period of validity involved in the logic of mfa.Email.auth

Maybe this could be implemented using the request session only for email keys, or a more generic approach could be added directly using User_Keys.expires and a middleware.

In both case, this timeout should be configurable per OTP method and have sensible defaults.

Happy to discuss it further if you think it's worth it !

bil0u avatar Oct 10 '22 16:10 bil0u

Good point, but it is only the email method which needs this implementation.

Do you like to give it a try or shall i do it?

mkalioby avatar Oct 10 '22 17:10 mkalioby

Either way is fine, I can have a look during the week !

bil0u avatar Oct 10 '22 17:10 bil0u

Sure. Let me know if you need help.

On Mon, 10 Oct 2022, 19:46 Ugo Popée, @.***> wrote:

Either way is fine, I can have a look during the week !

— Reply to this email directly, view it on GitHub https://github.com/mkalioby/django-mfa2/issues/66#issuecomment-1273639577, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACPOPRG4YEM24YTHTGHKWRDWCRJBBANCNFSM6AAAAAARBQRNFU . You are receiving this because you commented.Message ID: @.***>

mkalioby avatar Oct 10 '22 17:10 mkalioby