nextcloud/server

Clear / refresh 2FA backup codes

Open

#9,036 创建于 2018年3月30日

在 GitHub 查看
 (9 评论) (0 反应) (0 负责人)PHP (4,865 fork)batch import
1. to developenhancementfeature: authenticationgood first issuehelp wanted

仓库指标

Star
 (34,953 star)
PR 合并指标
 (平均合并 20天) (30 天内合并 627 个 PR)

描述

as already mentioned in https://github.com/nextcloud/twofactor_totp/issues/244, maybe just a question... but shouldn't the Backup-Codes be cleared/deleted after an user disables his 2FA?

in the database they are still present, also for users which were completely deleted ages ago.

i'm not sure if this may even become a security issue, especially if a user enables 2FA again...

贡献者指南