Skip to content

Task/verify 2fa code#2221

Merged
whabanks merged 12 commits into
mainfrom
task/verify-2fa-code
Jul 16, 2025
Merged

Task/verify 2fa code#2221
whabanks merged 12 commits into
mainfrom
task/verify-2fa-code

Conversation

@whabanks

@whabanks whabanks commented Jul 8, 2025
edited by jzbahrai
Loading

Copy link
Copy Markdown
Contributor

Summary | Résumé

This PR adds a new page to verify a users mobile phone number from the Profile page. It also adds a flow for when the user tries wants to add SMS 2fa auth have not added a phone number to their profile yet:

Select SMS auth -> add their phone number -> enter verify code -> auth is changed to SMS

Related

Test instructions | Instructions pour tester la modification

Throughout these flow's test the back links to ensure they move to pages that make sense given the context. Especially during the flow of change 2FA to SMS when you don't have an existing phone number already as there are multiple intertwined steps here.

Between the different verification states, keep your eye on the verification badges to ensure they properly reflect verified and unverified states in the UI.

Add new phone number verifies correctly

  • 1. Remove existing phone numbers from your profile
  • 2. Add a phone number to your profile & verify it (same flow)
  • 3. Check your user in the DB and ensure that the verified_phonenumber field was set to True
  • 4. Navigate to the Change 2FA method page and ensure that the verified badge is present.

Removing your phone number de-verifies

  • 1. Remove the phone number that you just added
  • 2. Check the DB and note that the verified_phonenumber column was set to False
  • 3. Navigate to the Change 2FA method page and ensure that the un-verified badge is present.

Setting SMS 2FA without a Phone number

  • 1. In the security section of the profile, click Change 2FA method
  • 2. Select the SMS option, noting that the un-verified badge is present
  • 4. Note that you're taken through the process of adding a phone number
  • 5. Complete the process & verification
  • 6. Check the DB, note that the verified_phonenumber field was set to True
  • - Note that the auth_type column was set to sms_auth

Removing your phone number defaults auth type to email

  • 1. Remove your phone number again
  • 2. Check the DB and note that the verified_phonenumber column was set to False
  • - Note that the auth_type column was set to email_auth

Auth type can be set to SMS with existing phone number

  • 1. Add your phone number back in via the Your profile section, not the Security section and verify it.
  • 2. Change your 2 step verification method from Email to SMS
  • 5. Check the DB, note that the verified_phonenumber field was set to True
  • - Note that the auth_type column was set to sms_auth

whabanks added 2 commits July 8, 2025 16:35
@whabanks
WIP - Add 2FA verification for mobile phone number
239d406 
- Add verify-mobile-number.html page
- Add new route `verify_mobile_number`
- Add `validate_2fa_method` to the `user_api_client` which calls the api
  to verify a 2fa code without disturbing the users browser session
@whabanks
Gate validate_2fa_method behind a FF check
e4ad739
@github-actions

github-actions Bot commented Jul 8, 2025

Copy link
Copy Markdown

🧪 Review environment

https://htjj75efjjcnza5kxm5ddcexfq0nuddz.lambda-url.ca-central-1.on.aws/

whabanks and others added 6 commits July 14, 2025 10:04
@whabanks
Merge branch 'main' into task/verify-2fa-code
b22aead
@whabanks
Merge verify-mobile-number.html and confirm.html
79f8106 
- Removing an existing phone number sets the verified_phonenumber to
  false in the db.
- Utilize the new verify phone number designs when changing or adding a
  phone number via the profile page
- Added proper back_link handling on the confirmation page
- Ensure that when a user clicks the back button after resending a
  verification code from the update or add phone number view that they
are redirected to the correct page
@whabanks
Remove temporary dev link to verify SMS on profile
9b898d1
@whabanks
Merge remote-tracking branch 'origin/main' into task/verify-2fa-code
80deda7
@whabanks
Impl. add & verify phone # from 2fa flow
ef95adc 
- Add a flow for when the user tries wants to add SMS 2fa auth have not
  added a phone number to their profile yet
- Select SMS auth -> add their phone number -> enter verify code -> auth
  is changed to SMS
@whabanks
Fix tests
bc7cbb9
@whabanks whabanks marked this pull request as ready for review July 15, 2025 17:50
@jzbahrai

jzbahrai commented Jul 15, 2025

Copy link
Copy Markdown
Contributor

Tested this, and it looks good, just a question about the flow plus catching an error when a user enters an old code. (discussed offline)

jzbahrai
jzbahrai reviewed Jul 15, 2025
View reviewed changes
Comment thread app/main/views/user_profile.py Outdated
whabanks and others added 2 commits July 16, 2025 14:28
@whabanks
Decouple verification from add phone number flow
d7e00c2 
- Adding a phone number to your profile no longer requires verification
- Fixed a bug where incorrect verify codes were not being handled
  correctly and errors not properly displayed to the user.
@whabanks
Merge branch 'main' into task/verify-2fa-code
033d23f
jzbahrai
jzbahrai reviewed Jul 16, 2025
View reviewed changes
Comment thread app/main/views/user_profile.py
@whabanks whabanks merged commit 70aacc6 into main Jul 16, 2025
10 checks passed
@whabanks whabanks deleted the task/verify-2fa-code branch July 16, 2025 19:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jzbahrai jzbahrai jzbahrai approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@whabanks @jzbahrai