RubyGems - pages_core - Versions diffs - 3.13.0 → 3.14.0 - Mend

pages_core 3.13.0 → 3.14.0

Files changed (52) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/app/assets/builds/pages_core/admin-dist.js +1 -1
data/app/assets/builds/pages_core/admin-dist.js.map +4 -4
data/app/assets/builds/pages_core/admin.css +27 -4
data/app/assets/stylesheets/pages_core/admin/components/login.css +0 -6
data/app/assets/stylesheets/pages_core/admin/components/totp.css +26 -0
data/app/controllers/admin/account_recoveries_controller.rb +87 -0
data/app/controllers/admin/invites_controller.rb +3 -2
data/app/controllers/admin/otp_secrets_controller.rb +45 -0
data/app/controllers/admin/recovery_codes_controller.rb +32 -0
data/app/controllers/admin/sessions_controller.rb +65 -0
data/app/controllers/admin/users_controller.rb +2 -8
data/app/controllers/concerns/pages_core/authentication.rb +12 -10
data/app/controllers/pages_core/admin_controller.rb +1 -1
data/app/helpers/pages_core/admin/admin_helper.rb +11 -0
data/app/javascript/index.ts +0 -2
data/app/mailers/admin_mailer.rb +2 -2
data/app/models/concerns/pages_core/has_otp.rb +27 -0
data/app/models/otp_secret.rb +101 -0
data/app/models/user.rb +15 -37
data/app/policies/user_policy.rb +4 -0
data/app/views/admin/account_recoveries/new.html.erb +22 -0
data/app/views/admin/account_recoveries/show.html.erb +37 -0
data/app/views/admin/invites/show.html.erb +1 -1
data/app/views/admin/otp_secrets/create.html.erb +7 -0
data/app/views/admin/otp_secrets/new.html.erb +60 -0
data/app/views/admin/recovery_codes/_codes.html.erb +14 -0
data/app/views/admin/recovery_codes/create.html.erb +7 -0
data/app/views/admin/recovery_codes/new.html.erb +11 -0
data/app/views/admin/sessions/_otp_form.html.erb +13 -0
data/app/views/admin/sessions/new.html.erb +33 -0
data/app/views/admin/sessions/verify_otp.html.erb +19 -0
data/app/views/admin/users/edit.html.erb +31 -1
data/app/views/admin/users/new.html.erb +1 -1
data/app/views/admin_mailer/account_recovery.text.erb +10 -0
data/app/views/layouts/admin/_header.html.erb +1 -1
data/app/views/layouts/admin/_toast.html.erb +12 -0
data/app/views/layouts/admin.html.erb +1 -1
data/config/locales/en.yml +11 -3
data/config/routes.rb +11 -6
data/db/migrate/20240126160700_add_2fa_fields.rb +22 -0
data/db/migrate/20240129201300_remove_password_reset_tokens.rb +13 -0
data/lib/pages_core.rb +6 -0
metadata +51 -9
data/app/controllers/admin/password_resets_controller.rb +0 -85
data/app/controllers/sessions_controller.rb +0 -27
data/app/javascript/controllers/LoginController.ts +0 -32
data/app/models/password_reset_token.rb +0 -34
data/app/views/admin/password_resets/show.html.erb +0 -21
data/app/views/admin/users/login.html.erb +0 -65
data/app/views/admin_mailer/password_reset.text.erb +0 -11

data/app/views/admin/account_recoveries/new.html.erb ADDED Viewed

@@ -0,0 +1,22 @@
+<% content_for :page_title, "Account recovery" %>
+<% content_for :page_description, "Account recovery" %>
+<%= form_tag admin_account_recovery_path do %>
+  <h2>
+    Forgot your password or lost your authenticator?
+  </h2>
+  <p>
+    Don't worry, it happens.
+    Enter your email address below, and we'll send you a link where you
+    can recover your account.
+  </p>
+  <div class="field">
+    <label for="email">Email address</label>
+    <%= text_field_tag(:email, "", autocomplete: "email", autofocus: true) %>
+  </div>
+  <p>
+    <button type="submit">
+      Send
+    </button>
+  </p>
+<% end %>

data/app/views/admin/account_recoveries/show.html.erb ADDED Viewed

@@ -0,0 +1,37 @@
+<% content_for :page_title, "Account recovery" %>
+<% content_for :page_description, "Please choose a new password to proceed" %>
+<% content_for :body_class, "login" %>
+<div class="login-form">
+  <%= form_for(@user,
+               url: admin_account_recovery_path,
+               builder: PagesCore::Admin::FormBuilder,
+               class: 'form') do |f| %>
+    <%= hidden_field_tag :token, @token %>
+    <%= f.labelled_password_field(:password,
+                                  autofocus: true,
+                                  autocomplete: "new-password") %>
+    <%= f.labelled_password_field(:password_confirmation,
+                                  autocomplete: "new-password") %>
+    <% if @user.otp_enabled? %>
+      <div class="field">
+        <label for="otp">6 digit code or recovery code</label>
+        <%= text_field_tag(:otp, "",
+                           autocomplete: "one-time-code",
+                           size: 6) %>
+      </div>
+      <p>
+        Lost your authenticator device? You can use one of your
+        emergency recovery codes instead.
+      </p>
+    <% end %>
+    <p>
+      <button type="submit">
+        Change password
+      </button>
+      or <%= link_to "Return to login screen", admin_login_path %>
+    </p>
+  <% end %>
+</div>

data/app/views/admin/invites/show.html.erb CHANGED Viewed

@@ -14,7 +14,7 @@
   <%= f.labelled_text_field :email, autocomplete: "email" %>
   <%= f.labelled_password_field(:password,
                                 autocomplete: "new-password") %>
-  <%= f.labelled_password_field(:confirm_password,
+  <%= f.labelled_password_field(:password_confirmation,
                                 autocomplete: "new-password") %>
   <p>
     <button type="submit">

data/app/views/admin/otp_secrets/create.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<% content_for :page_title, "2FA enabled" %>
+<% content_for :page_description, "Two-factor authentication enabled" %>
+<div class="content">
+  <%= render(partial: "admin/recovery_codes/codes",
+             locals: { recovery_codes: @recovery_codes }) %>
+</div>

data/app/views/admin/otp_secrets/new.html.erb ADDED Viewed

@@ -0,0 +1,60 @@
+<% content_for :page_title, "Enable 2FA" %>
+<% content_for :page_description, "Enable two-factor authentication" %>
+<%= form_tag(admin_otp_secret_path, method: :post, class: "totp-enrollment") do |f| %>
+  <h2>
+    Scan the QR-code
+  </h2>
+  <p>
+    Use an authenticator app or browser extension to scan the QR code below.<br>
+    Don't have one? Some options are
+    <%= link_to("1Password", "https://1password.com/") %>,
+    <%= link_to("LastPass Authenticator", "https://www.lastpass.com/") %>,
+    <%= link_to("Microsoft Authenticator",
+                "https://www.microsoft.com/en-us/security/mobile-authenticator-app") %>
+    or
+    <%= link_to("Google Authenticator",
+                "https://support.google.com/accounts/answer/1066447") %>.
+  </p>
+  <div class="qr-code">
+    <%= qr_code(@otp_secret.provisioning_uri) %>
+  </div>
+  <p>
+    If you are unable to scan the code, you can enter the following
+    info instead:
+  </p>
+  <p>
+    <b>Account name:</b><br>
+    <%= @otp_secret.account_name %>
+  </p>
+  <p>
+    <b>Secret:</b><br>
+    <span class="otp-secret">
+      <%= @otp_secret.secret %>
+    </span>
+  </p>
+  <h2>
+    Enter the code from the app
+  </h2>
+  <div class="field">
+    <label for="otp">6 digit code</label>
+    <%= text_field_tag(:otp, "",
+                       autofocus: true,
+                       autocomplete: "one-time-code",
+                       size: 6) %>
+  </div>
+  <%= hidden_field_tag :signed_message, @otp_secret.signed_message %>
+  <p>
+    <button type="submit">
+      Verify
+    </button>
+  </p>
+<% end %>

data/app/views/admin/recovery_codes/_codes.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<h2>
+  Recovery codes
+</h2>
+<p>
+  Please save the recovery codes below in a safe place, ideally
+  using a secure password manager.<br>
+  Without them, you will lose access to your account if you lose your device.
+</p>
+<ul class="recovery-codes">
+  <% recovery_codes.each do |c| %>
+    <li><%= c %></li>
+  <% end %>
+</ul>

data/app/views/admin/recovery_codes/create.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<% content_for :page_title, "New recovery codes" %>
+<% content_for :page_description, "Recovery codes updated" %>
+<div class="content">
+  <%= render(partial: "admin/recovery_codes/codes",
+             locals: { recovery_codes: @recovery_codes }) %>
+</div>

data/app/views/admin/recovery_codes/new.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<% content_for :page_title, "New recovery codes" %>
+<% content_for :page_description, "Generate new recovery codes" %>
+<%= form_tag(admin_recovery_codes_path, method: :post) do |f| %>
+  <%= render(partial: "admin/sessions/otp_form") %>
+  <p>
+    <button type="submit">
+      Verify
+    </button>
+  </p>
+<% end %>

data/app/views/admin/sessions/_otp_form.html.erb ADDED Viewed

@@ -0,0 +1,13 @@
+<h2>
+  Two-factor authentication
+</h2>
+<p>
+  Enter a one-time code from your authenticator app to proceed.
+</p>
+<div class="field">
+  <label for="otp">6 digit code</label>
+  <%= text_field_tag(:otp, "",
+                     autofocus: true,
+                     autocomplete: "one-time-code",
+                     size: 6) %>
+</div>

data/app/views/admin/sessions/new.html.erb ADDED Viewed

@@ -0,0 +1,33 @@
+<% content_for :page_title, "Sign in" %>
+<% content_for(:page_description,
+               "Please enter your email address and password to sign in") %>
+<% content_for :body_class, "login" %>
+<% content_for :sidebar do %>
+  <h2>Please note</h2>
+  <p>
+    Please contact support if you experience problems logging in or using Pages.
+  </p>
+<% end %>
+<div class="login-form">
+  <%= form_tag admin_session_path do %>
+    <p>
+      <label>Email address</label>
+      <%= text_field_tag(:email, "", autocomplete: "email") %>
+    </p>
+    <p>
+      <label>Password</label>
+      <%= password_field_tag(:password, "", autocomplete: "current-password") %>
+    </p>
+    <p>
+      <button type="submit">Sign in</button>
+    </p>
+    <ul>
+      <li>
+        <%= link_to("<b>Help!</b> I forgot my password!".html_safe,
+                    new_admin_account_recovery_path) %>
+      </li>
+    </ul>
+  <% end %>
+</div>

data/app/views/admin/sessions/verify_otp.html.erb ADDED Viewed

@@ -0,0 +1,19 @@
+<% content_for :page_title, "Two-factor authentication" %>
+<% content_for :page_description, "Two-factor authentication" %>
+<%= form_tag(verify_otp_admin_session_path, method: :post) do |f| %>
+  <%= hidden_field_tag :signed_user_id, @signed_user_id %>
+  <%= render(partial: "admin/sessions/otp_form") %>
+  <p>
+    <button type="submit">
+      Verify
+    </button>
+  </p>
+  <p>
+    Lost your authenticator device?
+    <%= link_to("Recover your account here",
+                new_admin_account_recovery_path) %>.
+  </p>
+<% end %>

data/app/views/admin/users/edit.html.erb CHANGED Viewed

@@ -31,12 +31,42 @@
   <% if policy(@user).change_password? %>
     <h2>Password</h2>
     <%= f.labelled_password_field :password, 'Change password' %>
-    <%= f.labelled_password_field :confirm_password, 'Confirm password' %>
+    <%= f.labelled_password_field :password_confirmation, 'Confirm password' %>
     <p>
       Leave the password blank if you do not wish to change the password.
     </p>
   <% end %>
+  <% if policy(@user).otp? %>
+    <h2>Two-factor authentication</h2>
+    <% if @user.otp_enabled? %>
+      <p>
+        Two-factor authentication has been enabled.
+        <%= link_to("Disable",
+                    admin_otp_secret_path,
+                    class: :delete,
+                    method: :delete,
+                    data: { confirm: "Are you sure you want to disable 2FA?" }) %>
+      </p>
+      <p>
+        You have
+        <%= t("pages_core.recovery_codes",
+              count: @user.hashed_recovery_codes.length) %>
+        remaining.
+        <%= link_to("Generate new codes", new_admin_recovery_codes_path) %>
+      </p>
+    <% else %>
+      <p>
+        Protect your account with an additional layer of security by
+        requiring an authentication app to sign in.
+      </p>
+      <p>
+        <%= link_to("Enable 2FA", new_admin_otp_secret_path) %>
+      </p>
+    <% end %>
+  <% end %>
   <%= render partial: "access_control", locals: { user: @user, f: f } %>
   <p>

data/app/views/admin/users/new.html.erb CHANGED Viewed

@@ -11,7 +11,7 @@
   <%= f.labelled_text_field(:email, autocomplete: "email") %>
   <%= f.labelled_password_field(:password,
                                 autocomplete: "new-password") %>
-  <%= f.labelled_password_field(:confirm_password,
+  <%= f.labelled_password_field(:password_confirmation,
                                 autocomplete: "new-password") %>
   <p>

data/app/views/admin_mailer/account_recovery.text.erb ADDED Viewed

@@ -0,0 +1,10 @@
+Hi, <%= @user.name %>!
+We've received a request to recover your account on <%= PagesCore.config(:site_name) %>.
+Please click the following link to continue:
+<%= @url %>
+The link will expire in 24 hours.
+If you do not want to recover your password, please ignore this email.

data/app/views/layouts/admin/_header.html.erb CHANGED Viewed

@@ -10,7 +10,7 @@
   <% if logged_in? %>
     <div class="user">
       Hello, <%= link_to(current_user.name, admin_user_url(current_user)) %>
-      <%= link_to("Log out", session_path, method: "delete") %>
+      <%= link_to("Log out", admin_session_path, method: "delete") %>
     </div>
   <% end %>
   <nav class="tabs">

data/app/views/layouts/admin/_toast.html.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<%= react_component "Toast", { notice: flash[:notice], error: flash[:error] } %>
+<% if Rails.env.test? && flash.any? %>
+  <div class="flash-test-helper">
+    <% %i[notice error].each do |type| %>
+      <% if flash[type] || true %>
+        <div class="<%= type %>">
+          <%= flash[type] %>
+        </div>
+      <% end %>
+    <% end %>
+  </div>
+<% end %>

data/app/views/layouts/admin.html.erb CHANGED Viewed

@@ -58,6 +58,6 @@
       <% end %>
     </div>
     <%= react_component "Modal", {} %>
-    <%= react_component "Toast", { notice: flash[:notice], error: flash[:error] } %>
+    <%= render(partial: "layouts/admin/toast") %>
   </body>
 </html>

data/config/locales/en.yml CHANGED Viewed

@@ -28,13 +28,21 @@ en:
       The provided email address and password combination was not valid
     invite_expired: This invite is no longer valid.
     logged_out: You have been logged out
-    password_reset:
+    otp:
+      already_enabled: 2FA has already been enabled
+      disabled: 2FA has been disabled
+      invalid_code: Invalid 2FA code
+      required: 2FA is required for this
+    account_recovery:
       changed: Your password has been changed
-      expired: Your password reset link has expired
-      invalid_request: Invalid password reset request
+      invalid_request: This link is no longer valid
       not_found: Couldn't find a user with that email address
       sent: An email with further instructions has been sent
       problems_saving: There were problems saving your changes
+    recovery_codes:
+      zero: "no recovery codes"
+      one: "one recovery code"
+      other: "%{count} recovery codes"
   templates:
     default:
       blocks:

data/config/routes.rb CHANGED Viewed

@@ -33,9 +33,6 @@ Rails.application.routes.draw do
   get "pages/:locale/*glob" => redirect("/%{locale}/pages/%{glob}"),
       locale: /\w\w\w/
-  # Authentication
-  resource :session, only: %i[create destroy]
   # Sitemap
   resource :sitemap, only: [:show]
@@ -51,9 +48,9 @@ Rails.application.routes.draw do
     end
     # Password resets
-    resources :password_resets, only: %i[create show update]
-    controller :password_resets do
-      get "/password_resets/:id/:token" => :show, as: :password_reset_with_token
+    resource :account_recovery
+    controller :account_recoveries do
+      get "/account_recovery/:token" => :show, as: :account_recovery_with_token
     end
     # Attachments
@@ -76,6 +73,14 @@ Rails.application.routes.draw do
     # Categories
     resources :categories
+    # Authentication
+    resource :session, only: %i[create destroy] do
+      member { post :verify_otp }
+    end
+    resource :otp_secret, only: %i[new create destroy]
+    resource :recovery_codes, only: %i[new create]
+    get "login" => "sessions#new", as: "login"
     # Pages
     scope ":locale" do
       resources :news,

data/db/migrate/20240126160700_add_2fa_fields.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+class Add2faFields < ActiveRecord::Migration[7.0]
+  def change
+    change_table :users do |t|
+      t.boolean :otp_enabled, null: false, default: false
+      t.string :otp_secret
+      t.datetime :last_otp_at
+      t.jsonb :hashed_recovery_codes, null: false, default: []
+      t.string :session_token
+    end
+    rename_column :users, :hashed_password, :password_digest
+    reversible do |dir|
+      dir.up do
+        User.find_each { |u| u.update(session_token: SecureRandom.hex(32)) }
+        change_column_null :users, :session_token, false
+      end
+    end
+  end
+end

data/db/migrate/20240129201300_remove_password_reset_tokens.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+class RemovePasswordResetTokens < ActiveRecord::Migration[7.0]
+  def change
+    drop_table :password_reset_tokens do |t|
+      t.integer :user_id
+      t.string :token
+      t.datetime :expires_at
+      t.datetime :created_at
+      t.datetime :updated_at
+    end
+  end
+end

data/lib/pages_core.rb CHANGED Viewed

@@ -32,6 +32,8 @@ require "pg_search"
 require "progress_bar"
 require "rails_i18n"
 require "RedCloth"
+require "rotp"
+require "rqrcode"
 require "sass-rails"
 require "typhoeus"
 require "will_paginate"
@@ -83,5 +85,9 @@ module PagesCore
       end
     end
     alias config configuration
+    def reset_configuration!
+      @configuration = PagesCore::Configuration::Pages.new
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pages_core
 version: !ruby/object:Gem::Version
-  version: 3.13.0
+  version: 3.14.0
 platform: ruby
 authors:
 - Inge Jørgensen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-17 00:00:00.000000000 Z
+date: 2024-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -206,6 +206,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 4.3.2
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+- !ruby/object:Gem::Dependency
+  name: rqrcode
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: tty-table
   requirement: !ruby/object:Gem::Requirement
@@ -377,6 +405,7 @@ files:
 - app/assets/stylesheets/pages_core/admin/components/textarea.css
 - app/assets/stylesheets/pages_core/admin/components/toast.css
 - app/assets/stylesheets/pages_core/admin/components/toolbar.css
+- app/assets/stylesheets/pages_core/admin/components/totp.css
 - app/assets/stylesheets/pages_core/admin/controllers/pages.css
 - app/assets/stylesheets/pages_core/admin/controllers/users.css
 - app/assets/stylesheets/pages_core/admin/vars.css
@@ -388,14 +417,17 @@ files:
 - app/controller_dummies/page_files_controller.rb
 - app/controller_dummies/pages_controller.rb
 - app/controller_dummies/sitemaps_controller.rb
+- app/controllers/admin/account_recoveries_controller.rb
 - app/controllers/admin/attachments_controller.rb
 - app/controllers/admin/calendars_controller.rb
 - app/controllers/admin/categories_controller.rb
 - app/controllers/admin/images_controller.rb
 - app/controllers/admin/invites_controller.rb
 - app/controllers/admin/news_controller.rb
+- app/controllers/admin/otp_secrets_controller.rb
 - app/controllers/admin/pages_controller.rb
-- app/controllers/admin/password_resets_controller.rb
+- app/controllers/admin/recovery_codes_controller.rb
+- app/controllers/admin/sessions_controller.rb
 - app/controllers/admin/users_controller.rb
 - app/controllers/concerns/pages_core/admin/persistent_params.rb
 - app/controllers/concerns/pages_core/authentication.rb
@@ -416,7 +448,6 @@ files:
 - app/controllers/pages_core/frontend_controller.rb
 - app/controllers/pages_core/images_controller.rb
 - app/controllers/pages_core/sitemaps_controller.rb
-- app/controllers/sessions_controller.rb
 - app/formatters/pages_core/html_formatter.rb
 - app/formatters/pages_core/image_embedder.rb
 - app/formatters/pages_core/link_renderer.rb
@@ -492,7 +523,6 @@ files:
 - app/javascript/components/drag/useDragUploader.ts
 - app/javascript/components/drag/useDraggable.ts
 - app/javascript/controllers/EditPageController.ts
-- app/javascript/controllers/LoginController.ts
 - app/javascript/controllers/MainController.ts
 - app/javascript/controllers/PageOptionsController.js
 - app/javascript/features/RichText.tsx
@@ -512,6 +542,7 @@ files:
 - app/models/attachment.rb
 - app/models/autopublisher.rb
 - app/models/category.rb
+- app/models/concerns/pages_core/has_otp.rb
 - app/models/concerns/pages_core/has_roles.rb
 - app/models/concerns/pages_core/humanizable_param.rb
 - app/models/concerns/pages_core/page_model/attachments.rb
@@ -532,6 +563,7 @@ files:
 - app/models/image.rb
 - app/models/invite.rb
 - app/models/invite_role.rb
+- app/models/otp_secret.rb
 - app/models/page.rb
 - app/models/page_builder.rb
 - app/models/page_category.rb
@@ -539,7 +571,6 @@ files:
 - app/models/page_file.rb
 - app/models/page_image.rb
 - app/models/page_path.rb
-- app/models/password_reset_token.rb
 - app/models/role.rb
 - app/models/search_document.rb
 - app/models/tag.rb
@@ -563,6 +594,8 @@ files:
 - app/services/pages_core/create_user_service.rb
 - app/services/pages_core/destroy_invite_service.rb
 - app/services/pages_core/invite_service.rb
+- app/views/admin/account_recoveries/new.html.erb
+- app/views/admin/account_recoveries/show.html.erb
 - app/views/admin/calendars/_sidebar.html.erb
 - app/views/admin/calendars/show.html.erb
 - app/views/admin/images/show.json.jbuilder
@@ -570,6 +603,8 @@ files:
 - app/views/admin/invites/show.html.erb
 - app/views/admin/news/_sidebar.html.erb
 - app/views/admin/news/index.html.erb
+- app/views/admin/otp_secrets/create.html.erb
+- app/views/admin/otp_secrets/new.html.erb
 - app/views/admin/pages/_edit_content.html.erb
 - app/views/admin/pages/_edit_files.html.erb
 - app/views/admin/pages/_edit_images.html.erb
@@ -583,18 +618,22 @@ files:
 - app/views/admin/pages/index.html.erb
 - app/views/admin/pages/new.html.erb
 - app/views/admin/pages/search.html.erb
-- app/views/admin/password_resets/show.html.erb
+- app/views/admin/recovery_codes/_codes.html.erb
+- app/views/admin/recovery_codes/create.html.erb
+- app/views/admin/recovery_codes/new.html.erb
+- app/views/admin/sessions/_otp_form.html.erb
+- app/views/admin/sessions/new.html.erb
+- app/views/admin/sessions/verify_otp.html.erb
 - app/views/admin/users/_access_control.html.erb
 - app/views/admin/users/_list.html.erb
 - app/views/admin/users/deactivated.html.erb
 - app/views/admin/users/edit.html.erb
 - app/views/admin/users/index.html.erb
-- app/views/admin/users/login.html.erb
 - app/views/admin/users/new.html.erb
 - app/views/admin/users/new_password.html.erb
 - app/views/admin/users/show.html.erb
+- app/views/admin_mailer/account_recovery.text.erb
 - app/views/admin_mailer/invite.text.erb
-- app/views/admin_mailer/password_reset.text.erb
 - app/views/errors/401.html.erb
 - app/views/errors/403.html.erb
 - app/views/errors/404.html.erb
@@ -606,6 +645,7 @@ files:
 - app/views/layouts/admin.html.erb
 - app/views/layouts/admin/_header.html.erb
 - app/views/layouts/admin/_page_header.html.erb
+- app/views/layouts/admin/_toast.html.erb
 - app/views/layouts/errors.html.erb
 - app/views/sitemaps/show.xml.builder
 - config/locales/en.yml
@@ -615,6 +655,8 @@ files:
 - db/migrate/20210209151400_create_search_configurations.rb
 - db/migrate/20210210235200_create_search_documents.rb
 - db/migrate/20220615160300_remove_username.rb
+- db/migrate/20240126160700_add_2fa_fields.rb
+- db/migrate/20240129201300_remove_password_reset_tokens.rb
 - lib/pages_core.rb
 - lib/pages_core/admin_menu_item.rb
 - lib/pages_core/archive_finder.rb