- Issue created by @Nadim Hossain
- Merge request !4[3469826-disable-verify-button] Updated tfa form and added a ajax callback to disable verify button on first load. β (Open) created by Nadim Hossain
- π¦πΊAustralia Nadim Hossain
Adding this patch version to get it used in the project for now -
- Status changed to Needs review
7 months ago 1:20am 23 August 2024 - πΊπΈUnited States jfurnas
Would a better solution be to just send the verification code when the TFA activation form is first displayed?
Seems counter-intuitive to have to click 'Send' first when you typically get the code sent automatically.
- π¦πΊAustralia mingsong π¦πΊ
In a situation where there are multiple TFA methods enabled, the user might want to switch to another TFA method rather than Email. I think it is good not to send a TFA Email to user by default until the user explicitly click the 'Send' button.
- π¦πΊAustralia mingsong π¦πΊ
Thanks @Nadim Hossain for the patch. Is it possible to have functional tests for the new feature?
- π¦πΊAustralia mingsong π¦πΊ
Change to 'Need work' as functional tests for the new feature required.
- πΊπΈUnited States jfurnas
@mingsong I am not sure I entirely agree with this.
The 'send' button is only rendered if email is setup as otp anyway (even with application code as well), so surely there's a way to trigger the automatic email if 'only' email otp is enabled. This is not only a user experience improvement but also a pretty standard practice.
At the very minimum, adding in some messaging on the page to indicate the user must first click 'send' to receive the code should be considered as receiving the code automatically via email is a pretty standard practice in TFA, and without some messaging indicating users need to click it to even receive the first code isn't very use friendly.
- Status changed to Needs work
6 days ago 1:29am 29 March 2025 - πΊπΈUnited States brad.bulger
If it could automatically send the email when the form loads, that seems like what I'd expect. It doesn't have to be the only method enabled for the user.
But an explicit Send initially would be fine too. If the Send/Resend action was done with a link, always displaying the Verify button would be OK. If Send is a form button, it should be the only one at first. It could even be in a different form above the current one, since you want Verify to be first to be the default.