When a user enables two factor authentication, all existing sessions are now invalidated, requiring re-authentication. This prevents pre-existing sessions from bypassing 2FA. The frontend now shows a notice explaining the logout before the user confirms, and properly logs out after enabling. Ref: GHSA-pgc7-cmvg-mvp4 |
||
|---|---|---|
| .. | ||
| api/v1 | ||
| caldav | ||
| api_tokens.go | ||
| error_handler.go | ||
| healthcheck.go | ||
| metrics.go | ||
| rate_limit.go | ||
| routes.go | ||
| sentry_middleware.go | ||
| static.go | ||
| validation.go | ||