authboss v3.1.0 Release Notes
Release Date: 2021-07-01 // almost 3 years ago-
โ Added
- โ Add an optional interface in totp2fa that when implemented on the authboss User struct can prevent re-use of totp 2fa codes. This normally should have been a requirement for this module's usage but due to backward compatibility it's being added as optional and will become mandatory in the next major version.
๐ Changed
- ๐ Change totp/sms email validation to delete the "email validation" session key after successfully adding 2fa to an account. This requires a second email verification in the same session if a user deletes and re-adds 2fa. This change is a behavior change but is not worthy of a larger version bump and should slightly increase security.
- ๐ Change "Successfully Authenticated" flash message when logging in with totp/sms 2fa methods. This was a difference between logging in with the auth module. It now has no flash message.