nextcloud/server

Clear / refresh 2FA backup codes

Open

#9,036 opened on Mar 30, 2018

View on GitHub
 (9 comments) (0 reactions) (0 assignees)PHP (4,865 forks)batch import
1. to developenhancementfeature: authenticationgood first issuehelp wanted

Repository metrics

Stars
 (34,953 stars)
PR merge metrics
 (Avg merge 20d) (627 merged PRs in 30d)

Description

as already mentioned in https://github.com/nextcloud/twofactor_totp/issues/244, maybe just a question... but shouldn't the Backup-Codes be cleared/deleted after an user disables his 2FA?

in the database they are still present, also for users which were completely deleted ages ago.

i'm not sure if this may even become a security issue, especially if a user enables 2FA again...

Contributor guide