Revert "Make removal of 2fa require e-mail verification"

This reverts commit 5b876d21c3bdf0c3e95100ec6f116709581636e8.
2025-04-13 11:50:27 +02:00 · 2018-12-10 20:12:34 -08:00 · 2018-12-10 20:12:34 -08:00 · 003476b6d5
commit 003476b6d5
parent d08fd7a196
4 changed files with 11 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -681,12 +681,12 @@ To enable this feature simply turn on
 `authboss.Config.Modules.TwoFactorEmailAuthRequired` and new routes and
 middlewares will be installed when you set up one of the 2fa modules.
-When enabled, the routes for setting up and removing 2fa on an account are
+When enabled, the routes for setting up 2fa on an account are protected by a
-protected by a middleware that will redirect to `/2fa/{totp,sms}/email/verify`
+middleware that will redirect to `/2fa/{totp,sms}/email/verify` where
-where Page `twofactor_verify` is displayed. The user is prompted to authorize
+Page `twofactor_verify` is displayed. The user is prompted to authorize the
-the addition of 2fa to their account. The data for this page contains `email`
+addition of 2fa to their account. The data for this page contains `email` and
-and a `url` for the POST. The url is required because this page is shared
+a `url` for the POST. The url is required because this page is shared between
-between all 2fa types.
+all 2fa types.
 Once they POST to the url, a token is stored in their session and an e-mail is
 sent with that token. When they click the link that goes to
--- a/otp/twofactor/sms2fa/sms.go
+++ b/otp/twofactor/sms2fa/sms.go
@ -126,8 +126,8 @@ func (s *SMS) Setup() error {
 	s.Authboss.Core.Router.Post("/2fa/sms/confirm", verified(confirm.Post))
 	remove := &SMSValidator{SMS: s, Page: PageSMSRemove}
-	s.Authboss.Core.Router.Get("/2fa/sms/remove", verified(remove.Get))
+	s.Authboss.Core.Router.Get("/2fa/sms/remove", middleware(remove.Get))
-	s.Authboss.Core.Router.Post("/2fa/sms/remove", verified(remove.Post))
+	s.Authboss.Core.Router.Post("/2fa/sms/remove", middleware(remove.Post))
 	validate := &SMSValidator{SMS: s, Page: PageSMSValidate}
 	s.Authboss.Core.Router.Get("/2fa/sms/validate", s.Core.ErrorHandler.Wrap(validate.Get))
--- a/otp/twofactor/totp2fa/totp.go
+++ b/otp/twofactor/totp2fa/totp.go
@ -95,8 +95,8 @@ func (t *TOTP) Setup() error {
 	t.Authboss.Core.Router.Get("/2fa/totp/confirm", verified(t.GetConfirm))
 	t.Authboss.Core.Router.Post("/2fa/totp/confirm", verified(t.PostConfirm))
-	t.Authboss.Core.Router.Get("/2fa/totp/remove", verified(t.GetRemove))
+	t.Authboss.Core.Router.Get("/2fa/totp/remove", middleware(t.GetRemove))
-	t.Authboss.Core.Router.Post("/2fa/totp/remove", verified(t.PostRemove))
+	t.Authboss.Core.Router.Post("/2fa/totp/remove", middleware(t.PostRemove))
 	t.Authboss.Core.Router.Get("/2fa/totp/validate", t.Core.ErrorHandler.Wrap(t.GetValidate))
 	t.Authboss.Core.Router.Post("/2fa/totp/validate", t.Core.ErrorHandler.Wrap(t.PostValidate))
--- a/otp/twofactor/twofactor_verify_test.go
+++ b/otp/twofactor/twofactor_verify_test.go
@ -174,7 +174,7 @@ func TestEmailVerifyPostStart(t *testing.T) {
 		t.Error("subject wrong:", mail.Subject)
 	}
-	urlRgx := regexp.MustCompile(`^http://localhost:8080/auth/2fa/totp/email/verify/end\?token=[\-_a-zA-Z0-9=%]+$`)
+	urlRgx := regexp.MustCompile(`^http://localhost:8080/auth/2fa/totp/email/verify/end\?token=[_a-zA-Z0-9=%]+$`)
 	data := h.renderer.Data
 	if !urlRgx.MatchString(data[DataVerifyURL].(string)) {