feat: MFA (#12290)
## Linear:
- https://github.com/chatwoot/chatwoot/issues/486

## Description
This PR implements Multi-Factor Authentication (MFA) support for user accounts, enhancing security by requiring a second form of verification during login. The feature adds TOTP (Time-based One-Time Password) authentication with QR code generation and backup codes for account recovery.

## Type of change
- [ ] New feature (non-breaking change which adds functionality)

## How Has This Been Tested?
- Added comprehensive RSpec tests for MFA controller functionality
- Tested MFA setup flow with QR code generation
- Verified OTP validation and backup code generation
- Tested login flow with MFA enabled/disabled

## Checklist:
- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream modules

---------

Co-authored-by: Pranav <pranav@chatwoot.com>
Co-authored-by: Sojan Jose <sojan@pepalo.com>
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
committed by GitHub
parent f03a52bd77
commit 239c4dcb91
db/migrate/20250820130619_add_two_factor_to_users.rb (new file, 11 lines)
@@ -0,0 +1,11 @@
class AddTwoFactorToUsers < ActiveRecord::Migration[7.1]
def change
add_column :users, :otp_secret, :string
add_column :users, :consumed_timestep, :integer
add_column :users, :otp_required_for_login, :boolean, default: false, null: false
add_column :users, :otp_backup_codes, :text
add_index :users, :otp_secret, unique: true
add_index :users, :otp_required_for_login
end
end
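Review bot: `add_column :users, :otp_secret, :string` puts the TOTP seed in the table in cleartext, and `otp_backup_codes` is a plain `:text` column; a TOTP seed is a reusable shared credential, so anyone with read access to the users table or to a database backup can generate valid codes and the second factor adds nothing. Encrypt the seed at the application layer before it reaches this column (Rails 7.1, which this `Migration[7.1]` targets, ships Active Record Encryption: `encrypts :otp_secret` on the model) and store backup codes only as salted hashes, the way a password is stored, never as the codes themselves. The `add_index :users, :otp_secret, unique: true` line is also worth dropping: no legitimate path looks a user up by their secret, random seeds do not collide, and with non-deterministic encryption the index would sit on ciphertext anyway, so it only adds an unnecessary index over secret material.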
@@ -1175,7 +1175,13 @@ ActiveRecord::Schema[7.1].define(version: 2025_09_16_024703) do
t.jsonb "custom_attributes", default: {}
t.string "type"
t.text "message_signature"
t.string "otp_secret"
t.integer "consumed_timestep"
t.boolean "otp_required_for_login", default: false
t.text "otp_backup_codes"
t.index ["email"], name: "index_users_on_email"
t.index ["otp_required_for_login"], name: "index_users_on_otp_required_for_login"
t.index ["otp_secret"], name: "index_users_on_otp_secret", unique: true
t.index ["pubsub_token"], name: "index_users_on_pubsub_token", unique: true
t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
t.index ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true
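Review bot: the schema dump does not match the migration: `t.boolean "otp_required_for_login", default: false` is missing the `null: false` that `add_column :users, :otp_required_for_login, :boolean, default: false, null: false` declares. An environment that loads `schema.rb` instead of running the migrations will therefore create the column as nullable, and any code that treats a falsy value as "MFA not required" will treat a NULL the same way, silently skipping the second factor for that user. Regenerate the dump from a migrated database (`bin/rails db:migrate` rewrites `schema.rb`) rather than editing it by hand, so the two stay in agreement.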