Add TOTP-based Multi-Factor Authentication (MFA) for local users
Global MFA toggle in Security settings, QR code setup on first login, 6-digit TOTP verification on subsequent logins. Azure AD users exempt. Admins can reset user MFA. TOTP secrets encrypted at rest with Fernet. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -80,6 +80,9 @@ def _run_migrations() -> None:
|
||||
("system_config", "default_language", "TEXT DEFAULT 'en'"),
|
||||
("users", "default_language", "TEXT"),
|
||||
("deployments", "npm_stream_id", "INTEGER"),
|
||||
("system_config", "mfa_enabled", "BOOLEAN DEFAULT 0"),
|
||||
("users", "totp_secret_encrypted", "TEXT"),
|
||||
("users", "totp_enabled", "BOOLEAN DEFAULT 0"),
|
||||
]
|
||||
for table, column, col_type in migrations:
|
||||
if not _has_column(table, column):
|
||||
|
||||
Reference in New Issue
Block a user