Default 2FA register timeout is too low
Concerned version
Version: 2.0.11
Platform: (Nginx/Apache/Node.js)
Summary
- Configure TOTP + force 2FA at login
- As a user, log in for the first time
- As a user, you are shown a QR code and (hopefully) some friendly installation instructions added into the template by your local sysadmin.
- As a user, if you take more than 2 minutes (formTimeout) to follow those instructions (including installing the TOTP app on your smartphone), 2FA registration fails.
Logs
Possible fixes
Improving formTimeout might not be satisfactory; we should introduce a new timeout (sfRegTimeout?) for use in both 2F::Engine::Default and 2F::Register::*