bert.hausmans 948687f27e feat: enterprise MFA with TOTP, email codes, backup codes, and trusted devices ...

Three verification methods (TOTP authenticator, email code, backup codes),
trusted device management with 30-day expiry, role-based enforcement for
super_admin and org_admin, admin reset capability, and full test coverage
(46 tests). Modifies login flow to support MFA challenge/response with
temporary session tokens stored in cache.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 20:45:55 +02:00

397 B

Raw Blame History

View Raw