ciphera-net/pulse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 15 Wiki Activity

Performance insights, Goals & Events, 2FA improvements, auth fixes #36

Merged
uz1mani merged 12 commits from staging into main 2026-02-25 19:41:07 +00:00
Conversation 2 Commits 12 Files Changed 10 +38 -60
6 changed files with 38 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b54af6c03a - Show all commits

4
CHANGELOG.md
View File

@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
## [Unreleased] ## [Unreleased]
### Fixed
- **2FA disable now requires password confirmation.** Disabling 2FA sends the derived password to the backend for verification. This prevents an attacker with a hijacked session from stripping 2FA.
## [0.11.1-alpha] - 2026-02-23 ## [0.11.1-alpha] - 2026-02-23
### Changed ### Changed

3
lib/api/2fa.ts
View File

@@ -27,9 +27,10 @@ export async function verify2FA(code: string): Promise<Verify2FAResponse> {
}) })
} }
export async function disable2FA(): Promise<void> { export async function disable2FA(passwordDerived: string): Promise<void> {
return apiRequest<void>('/auth/2fa/disable', { return apiRequest<void>('/auth/2fa/disable', {
method: 'POST', method: 'POST',
body: JSON.stringify({ password: passwordDerived }),
}) })
} }