Draft: Enable WebAuthn device registration without TOTP
What does this MR do and why?
Replaced the jQuery application to register WebAuthn devices with a Vue component.
Made the WebAuthn device registration possible without TOTP. Therefore, the Set up new device button is always available.
Increased security by adding a required password field to be able to register a new device.
We also introduced a few minor UI improvements.
Changelog: changed
Screenshots or screen recordings
before | after |
---|---|
The whole process using Chrome:
Screen_Recording_2023-02-10_at_09.56.35
How to set up and validate locally
- In the Rails console, enable the feature flag:
  Feature.enable(:webauthn_without_totp)
- Go to https://gdk.test:3443/-/profile/two_factor_auth
- Select Set up new device. It should be available even if the two-factor authentication using TOTP is disabled.
- Follow the workflow.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Eduardo Sanz García