Skip to content

Add endpoint: verify-2fa #2583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 14, 2025
Merged

Add endpoint: verify-2fa #2583

merged 4 commits into from
Jul 14, 2025
+117 −0

Conversation

whabanks
Copy link
Contributor

@whabanks whabanks commented Jul 8, 2025

Summary | Résumé

This PR adds a new endpoint for verifying 2fa auth codes without affecting a user's logged in state. This will be used to verify a users phone number when switching to the SMS 2FA method and the user has not already verified their phone number.

Additionally we're adding the verified_phonenumber property to the UserUpdateAttributeSchema schema, so we can mark their phone number as verified once they complete the code verification process.

Related Issues | Cartes liées

Test instructions | Instructions pour tester la modification

CI passes. We'll need the Admin PR to fully test this e2e.

Release Instructions | Instructions pour le déploiement

None.

Reviewer checklist | Liste de vérification du réviseur

  • This PR does not break existing functionality.
  • This PR does not violate GCNotify's privacy policies.
  • This PR does not raise new security concerns. Refer to our GC Notify Risk Register document on our Google drive.
  • This PR does not significantly alter performance.
  • Additional required documentation resulting of these changes is covered (such as the README, setup instructions, a related ADR or the technical documentation).

⚠ If boxes cannot be checked off before merging the PR, they should be moved to the "Release Instructions" section with appropriate steps required to verify before release. For example, changes to celery code may require tests on staging to verify that performance has not been affected.

@whabanks
Add endpoint: verify-2fa
6ccbc37 
- This endpoint verifies 2fa codes similar to `verify_user_code`
  but without failed login checks and session manipulation
@whabanks whabanks requested a review from jimleroyer as a code owner July 8, 2025 19:20
@whabanks whabanks merged commit 48fe83c into main Jul 14, 2025
4 checks passed
@whabanks whabanks deleted the task/verify-2fa-code branch July 14, 2025 20:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzbahrai jzbahrai jzbahrai approved these changes

@jimleroyer jimleroyer Awaiting requested review from jimleroyer jimleroyer is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@whabanks @jzbahrai