UMBRA

History

Kyle Pope 464b8b911f Phase 8: Registration flow & MFA enforcement UI

- backend: add POST /auth/totp/enforce-setup and /auth/totp/enforce-confirm
  endpoints that operate on mfa_enforce_token (not session cookie), generate
  TOTP secret/QR/backup codes, verify confirmation code, enable TOTP, clear
  mfa_enforce_pending flag, and issue a full session cookie
- frontend: expand LockScreen to five modes — login, first-run setup,
  open registration, TOTP challenge, MFA enforcement setup (QR -> verify ->
  backup codes), and forced password change; all modes share AmbientBackground
  and the existing card layout; registration visible only when
  authStatus.registration_open is true

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-26 18:39:18 +08:00

__init__.py

Initial commit

2026-02-15 16:13:41 +08:00

auth.py

Remediate pentest findings F-01, F-02, F-06

2026-02-26 02:25:37 +08:00

calendars.py

Implement Stage 6 Track A: PIN → Username/Password auth migration

2026-02-25 04:12:37 +08:00

dashboard.py

Address QA review: model registry, NOT NULL constraint, variable naming, toggle defaults, lockout UX