GrottoCenter / grottocenter-api / 26345101095

87%

develop: 87%

Build Type

Pull #1609

github

Committed by ClemRz

Commit Message

feat(auth): harden admin account security with TOTP MFA and brute-force protection

- Reduce admin token TTL to 10 days (non-admin remains 90 days)
- Add mandatory TOTP-based MFA with enrollment, verification, and reset endpoints
- Apply stricter rate limiting for admin login (5 req / 15 min / IP)
- Ban admin accounts after 5 consecutive failed logins or TOTP attempts
- Send email notifications on suspicious login activity and account ban
- Revoke all admin tokens on password change
- Update Swagger documentation with new MFA endpoints and login statuses

Pull Request Pull Request #1609: feat(auth): harden admin account security with TOTP MFA and brute-force protection

Coverage Stats

3385 of 4037 branches covered (83.85%)

Branch coverage included in aggregate %.

209 of 223 new or added lines in 10 files covered. (93.72%)

2 existing lines in 2 files now uncovered.

6798 of 7645 relevant lines covered (88.92%)

57.05 hits per line