File tree 1 file changed +21
-0
lines changed
1 file changed +21
-0
lines changed Original file line number Diff line number Diff line change 33The format is based on [ Keep a Changelog] ( http://keepachangelog.com/en/1.0.0/ )
44and this project adheres to [ Semantic Versioning] ( http://semver.org/spec/v2.0.0.html ) .
55
6+ ## [ 3.1.0] - 2021-07-01
7+
8+ ### Added
9+
10+ - Add an optional interface in totp2fa that when implemented on the authboss
11+ User struct can prevent re-use of totp 2fa codes. This normally should have
12+ been a requirement for this module's usage but due to backward compatibility
13+ it's being added as optional and will become mandatory in the next major
14+ version.
15+
16+ ### Changed
17+
18+ - Change totp/sms email validation to delete the "email validation" session
19+ key after successfully adding 2fa to an account. This requires a second
20+ email verification in the same session if a user deletes and re-adds
21+ 2fa. This change is a behavior change but is not worthy of a larger version
22+ bump and should slightly increase security.
23+ - Change "Successfully Authenticated" flash message when logging in with
24+ totp/sms 2fa methods. This was a difference between logging in with the
25+ auth module. It now has no flash message.
26+
627## [ 3.0.5] - 2021-05-18
728
829- Fix an open redirect security issue. This is technically a breaking change
You can’t perform that action at this time.
0 commit comments