Option to remove ability for non-admins to disable OTP

Created on 7 January 2022, almost 3 years ago

Updated 27 March 2023, over 1 year ago

Related to prior administrator issue. If OTP is a standard security measure, users shouldn't be able to disable it, even accidentally.

Simplest method is to remove their access to the 2FA page. I guess the simplest would be reading a config flag for the module that skips the currentUser part of the 2FA settings form access check. Looks like Drupal just hides the link if the page is access restricted.

Will add any patches I do below, just trying this out really, not sure if I want it myself.

✨ Feature request

Status

Fixed

Version

1.0

Component

Code

Created by

Kyber

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇵🇰Pakistan Ahmed.Raza
1.1.1 version provides site administrators to check whether to allow users to enable/disable 2FA via email or not.
Comment over 1 year ago →
🇵🇰Pakistan Ahmed.Raza

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024