[hold for payment 2024-09-10] [$250] Require a 2FA code to disable 2FA #48215
Comments
Job added to Upwork: https://www.upwork.com/jobs/~010c8f7bf5820798ba
Triggered auto assignment to @joekaufmanexpensify (
Triggered auto assignment to Contributor-plus team member for initial proposal review - @parasharrajat (
@tgolen is the PR for this one already in review? If so, mind linking it to the issue so I can follow along?
Oops, sorry! Here it is: #48030
All good. TY!
PR still in review
PR merged!
I'm gonna close this out since it was deployed to production.
Ah, I think we still need to pay @parasharrajat for his review here.
@tgolen @parasharrajat was #48461 a regression introduced by the PR here? Seems like yes, but curious if that is correct?
Bumped in Slack here.
Yes, it seems that we missed it in the PR.
Got it, thank you for confirming. Only payment here then is $125 to @parasharrajat for C+ review via NewDot (50% penalty for regression)!
Feel free to request payment whenever you're ready @parasharrajat, otherwise closing this for now!
Payment requested as per #48215 (comment)
$125 approved for @parasharrajat
Problem
Users can disable 2FA without entering a 2FA code.
Why this is important to solve?
It is a security risk. If someone can get your authToken, then they can disable your 2FA and keep access to your account.
Solution
When 2FA settings are disabled, we need to prompt the user to enter a valid 2FA code and validate it.
I already have a PR written for this, so it doesn't need a contributor but I do need a C+ to review it which is why I am creating this issue.
Upwork Automation - Do Not Edit
Issue Owner
Current Issue Owner: @parasharrajat
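
The check described under Solution, sketched as server-side logic. This is an added example, not code from the Expensify PR. It assumes the second factor is an RFC 6238 TOTP (HMAC-SHA1, 6 digits, 30-second step); the account object shape, `hotp`, `matchTotp` and `disableTwoFactor` are hypothetical names, and the secret is the RFC test value.

```javascript
'use strict';
const crypto = require('crypto');

const STEP_SECONDS = 30; // assumed TOTP time step (RFC 6238 default)
const DIGITS = 6;        // assumed code length
const CODE_RE = new RegExp(`^\\d{${DIGITS}}$`);

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated.
function hotp(secret, counter) {
    const msg = Buffer.alloc(8);
    msg.writeBigUInt64BE(BigInt(counter));
    const mac = crypto.createHmac('sha1', secret).update(msg).digest();
    const offset = mac[mac.length - 1] & 0x0f;
    const binary = mac.readUInt32BE(offset) & 0x7fffffff;
    return String(binary % 10 ** DIGITS).padStart(DIGITS, '0');
}

// Returns the time-step counter the code matches, or null. Allows one step of clock drift.
function matchTotp(secret, code, nowMs) {
    if (typeof code !== 'string' || !CODE_RE.test(code)) return null;
    const current = Math.floor(nowMs / 1000 / STEP_SECONDS);
    let matched = null;
    for (const counter of [current - 1, current, current + 1]) {
        if (counter < 0) continue;
        const expected = Buffer.from(hotp(secret, counter));
        // Constant-time compare, no early exit: timing does not reveal a partial match.
        if (crypto.timingSafeEqual(expected, Buffer.from(code))) matched = counter;
    }
    return matched;
}

// Hypothetical handler: a valid session (authToken) alone must not be able to turn 2FA off.
function disableTwoFactor(account, submittedCode, nowMs = Date.now()) {
    if (!account.twoFactorEnabled) return { ok: false, error: 'not_enabled' };
    const counter = matchTotp(account.totpSecret, submittedCode, nowMs);
    if (counter === null) return { ok: false, error: 'invalid_code' };
    // Reject a code that was already accepted once (for example, the one used at login).
    if (counter <= account.lastUsedCounter) return { ok: false, error: 'code_reused' };
    account.lastUsedCounter = counter;
    account.twoFactorEnabled = false;
    account.totpSecret = null;
    return { ok: true };
}

// Constructed demo: RFC test secret, clock fixed at t = 59 s (counter 1).
const demo = { twoFactorEnabled: true, totpSecret: Buffer.from('12345678901234567890'), lastUsedCounter: 0 };
console.log(disableTwoFactor(demo, '000000', 59000));
console.log(disableTwoFactor(demo, hotp(demo.totpSecret, 1), 59000));
```

The validation has to run on the server that owns the secret; a client-side prompt alone leaves the API call usable by anyone holding the authToken.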