View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010181 | Taler | merchant backend | public | 2025-07-14 19:57 | 2025-08-06 10:43 |
Reporter | Christian Grothoff | Assigned To | schanzen | ||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | assigned | Resolution | open | ||
Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
Product Version | git (master) | ||||
Target Version | 1.1 | ||||
Summary | 0010181: enable instance password reset with 2-FA | ||||
Description | We should allow users to reset an instance password if they can do some kind of 2-FA. (This will be important once we have hosted/self-provisioned instances in production.) For 2-FA, we already have the owner's e-mail address and should add a (mobile) phone number as well. Furthermore, we probably want to support (T)OTP as well. Given 2 (other) factors, we should then allow password reset (possibly when the right merchant backend configuration option is set to ENABLED). We already have shell scripts for sending SMS in anastasis.git that can be used for sending the TAN code. It would be good if we validated the phone number / e-mail address on sign-up (again, if the right configuration option "VALIDATE_XXX" is set to enable the feature). | ||||
Tags | No tags attached. | ||||
parent of | 0009815 | resolved | Christian Grothoff | Backend as a Service (EASE) by GLS Bank: self-provisioning / collection of e-mail address and phone number |
parent of | 0009817 | assigned | Christian Grothoff | Backend as a Service (EASE) by GLS Bank: self-provisioning / process for password change |
parent of | 0009816 | assigned | Christian Grothoff | Backend as a Service (EASE) by GLS Bank: self-provisioning / validation of e-mail address and phone number |
child of | 0010224 | confirmed | Florian Dold | merchant backend self-provisioning [meta] [01sept] |
Not all the children of this issue are yet resolved or closed. |
To clarify: I think changing the instance password was always possible if you could show proper authorization. So this issue wants to add that you can ONLY update the instance password AS INSTANCE OWNER WITH 2FA but still always without 2FA as admin? You also do realize that this will affect e.g. SPA? |
Date Modified | Username | Field | Change |
---|---|---|---|
2025-07-14 19:57 | Christian Grothoff | New Issue | |
2025-07-14 19:57 | Christian Grothoff | Status | new => assigned |
2025-07-14 19:57 | Christian Grothoff | Assigned To | => schanzen |
2025-07-14 19:58 | Christian Grothoff | Relationship added | parent of 0009815 |
2025-07-14 19:59 | Christian Grothoff | Relationship added | parent of 0009817 |
2025-07-14 19:59 | Christian Grothoff | Relationship added | parent of 0009816 |
2025-08-04 22:26 | Christian Grothoff | Relationship added | child of 0010224 |
2025-08-04 22:26 | Christian Grothoff | Target Version | 1.3 => 1.1 |
2025-08-06 10:43 | schanzen | Note Added: 0025632 | |
2025-08-06 10:43 | schanzen | Note Edited: 0025632 |