Prevent removing the last 2FA method associated with an account #13771

Closed
Tracked by #14010
dstufft opened this issue May 26, 2023 · 1 comment · Fixed by #14195
Labels
2FA feature request security Security-related issues and pull requests

Comments

@dstufft
Member

dstufft commented May 26, 2023

2FA will be required on PyPI, and for some projects is already required. We should prevent an account from regressing in their 2FA-ness and prevent the last 2FA method from being removed before another method is added.

@dstufft dstufft added feature request security Security-related issues and pull requests 2FA labels May 26, 2023
@di di mentioned this issue Jun 23, 2023
22 tasks
@ristomcgehee
Contributor

Hi, I'd be happy to work on this one. Here are the implementation details I'd likely follow. Feel free to voice suggested changes:

  • On the Account Settings page, if there is only one 2FA method, the Remove button will be disabled and greyed out.
  • If you mouse over the disabled Remove button, the cursor will turn into the "not" symbol and a tool tip will say "Not allowed to remove last 2FA method" (similar behavior to the Your Projects page with the Manage and View buttons).
  • The backend will also check that at least two 2FA methods are present before removing a method.
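
The backend check proposed above, sketched as an added example (not code from this thread or from the PyPI code base). The `Account` model, function names and method ids are hypothetical. The same predicate drives the button state and the server-side refusal, so a request sent directly to the removal endpoint is rejected even though the button is only disabled in the UI, and a replacement adds the new method before removing the old one.

```python
from dataclasses import dataclass, field


class LastSecondFactorError(Exception):
    """Raised when a removal would leave the account with no 2FA method."""


@dataclass
class Account:
    # Hypothetical model: method id -> method kind ("totp", "webauthn", ...)
    two_factor_methods: dict[str, str] = field(default_factory=dict)


def can_remove_method(account: Account) -> bool:
    """Single predicate used for both the Remove button state and the backend."""
    return len(account.two_factor_methods) >= 2


def remove_two_factor_method(account: Account, method_id: str) -> None:
    """Removal handler: enforces the rule regardless of what the UI rendered."""
    if method_id not in account.two_factor_methods:
        raise KeyError(method_id)
    if not can_remove_method(account):
        # Same wording as the tooltip proposed in the comment above.
        raise LastSecondFactorError("Not allowed to remove last 2FA method")
    del account.two_factor_methods[method_id]


def replace_two_factor_method(
    account: Account, old_id: str, new_id: str, new_kind: str
) -> None:
    """Add the new method first, then remove the old one, so the account
    never passes through a state with zero 2FA methods."""
    account.two_factor_methods[new_id] = new_kind
    remove_two_factor_method(account, old_id)


if __name__ == "__main__":
    acct = Account({"totp-1": "totp"})  # constructed sample account
    print("Remove button enabled:", can_remove_method(acct))
    replace_two_factor_method(acct, "totp-1", "key-1", "webauthn")
    print("Methods after replacement:", acct.two_factor_methods)
```

In a real deployment the count check and the delete need to run in one database transaction so that two concurrent removals cannot both pass the check.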
