RubyGems - pages_core - Versions diffs - 3.13.0 → 3.14.0 - Mend

pages_core 3.13.0 → 3.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/app/assets/builds/pages_core/admin-dist.js +1 -1
data/app/assets/builds/pages_core/admin-dist.js.map +4 -4
data/app/assets/builds/pages_core/admin.css +27 -4
data/app/assets/stylesheets/pages_core/admin/components/login.css +0 -6
data/app/assets/stylesheets/pages_core/admin/components/totp.css +26 -0
data/app/controllers/admin/account_recoveries_controller.rb +87 -0
data/app/controllers/admin/invites_controller.rb +3 -2
data/app/controllers/admin/otp_secrets_controller.rb +45 -0
data/app/controllers/admin/recovery_codes_controller.rb +32 -0
data/app/controllers/admin/sessions_controller.rb +65 -0
data/app/controllers/admin/users_controller.rb +2 -8
data/app/controllers/concerns/pages_core/authentication.rb +12 -10
data/app/controllers/pages_core/admin_controller.rb +1 -1
data/app/helpers/pages_core/admin/admin_helper.rb +11 -0
data/app/javascript/index.ts +0 -2
data/app/mailers/admin_mailer.rb +2 -2
data/app/models/concerns/pages_core/has_otp.rb +27 -0
data/app/models/otp_secret.rb +101 -0
data/app/models/user.rb +15 -37
data/app/policies/user_policy.rb +4 -0
data/app/views/admin/account_recoveries/new.html.erb +22 -0
data/app/views/admin/account_recoveries/show.html.erb +37 -0
data/app/views/admin/invites/show.html.erb +1 -1
data/app/views/admin/otp_secrets/create.html.erb +7 -0
data/app/views/admin/otp_secrets/new.html.erb +60 -0
data/app/views/admin/recovery_codes/_codes.html.erb +14 -0
data/app/views/admin/recovery_codes/create.html.erb +7 -0
data/app/views/admin/recovery_codes/new.html.erb +11 -0
data/app/views/admin/sessions/_otp_form.html.erb +13 -0
data/app/views/admin/sessions/new.html.erb +33 -0
data/app/views/admin/sessions/verify_otp.html.erb +19 -0
data/app/views/admin/users/edit.html.erb +31 -1
data/app/views/admin/users/new.html.erb +1 -1
data/app/views/admin_mailer/account_recovery.text.erb +10 -0
data/app/views/layouts/admin/_header.html.erb +1 -1
data/app/views/layouts/admin/_toast.html.erb +12 -0
data/app/views/layouts/admin.html.erb +1 -1
data/config/locales/en.yml +11 -3
data/config/routes.rb +11 -6
data/db/migrate/20240126160700_add_2fa_fields.rb +22 -0
data/db/migrate/20240129201300_remove_password_reset_tokens.rb +13 -0
data/lib/pages_core.rb +6 -0
metadata +51 -9
data/app/controllers/admin/password_resets_controller.rb +0 -85
data/app/controllers/sessions_controller.rb +0 -27
data/app/javascript/controllers/LoginController.ts +0 -32
data/app/models/password_reset_token.rb +0 -34
data/app/views/admin/password_resets/show.html.erb +0 -21
data/app/views/admin/users/login.html.erb +0 -65
data/app/views/admin_mailer/password_reset.text.erb +0 -11

data/app/views/admin/account_recoveries/new.html.erb ADDED Viewed

@@ -0,0 +1,22 @@
+<% content_for :page_title, "Account recovery" %>
+<% content_for :page_description, "Account recovery" %>
+<%= form_tag admin_account_recovery_path do %>
+  <h2>
+    Forgot your password or lost your authenticator?
+  </h2>
+  <p>
+    Don't worry, it happens.
+    Enter your email address below, and we'll send you a link where you
+    can recover your account.
+  </p>
+  <div class="field">
+    <label for="email">Email address</label>
+    <%= text_field_tag(:email, "", autocomplete: "email", autofocus: true) %>
+  </div>
+  <p>
+    <button type="submit">
+      Send
+    </button>
+  </p>
+<% end %>

data/app/views/admin/account_recoveries/show.html.erb ADDED Viewed

@@ -0,0 +1,37 @@
+<% content_for :page_title, "Account recovery" %>
+<% content_for :page_description, "Please choose a new password to proceed" %>
+<% content_for :body_class, "login" %>
+<div class="login-form">
+  <%= form_for(@user,
+               url: admin_account_recovery_path,
+               builder: PagesCore::Admin::FormBuilder,
+               class: 'form') do |f| %>
+    <%= hidden_field_tag :token, @token %>
+    <%= f.labelled_password_field(:password,
+                                  autofocus: true,
+                                  autocomplete: "new-password") %>
+    <%= f.labelled_password_field(:password_confirmation,
+                                  autocomplete: "new-password") %>
+    <% if @user.otp_enabled? %>
+      <div class="field">
+        <label for="otp">6 digit code or recovery code</label>
+        <%= text_field_tag(:otp, "",
+                           autocomplete: "one-time-code",
+                           size: 6) %>
+      </div>
+      <p>
+        Lost your authenticator device? You can use one of your
+        emergency recovery codes instead.
+      </p>
+    <% end %>
+    <p>
+      <button type="submit">
+        Change password
+      </button>
+      or <%= link_to "Return to login screen", admin_login_path %>
+    </p>
+  <% end %>
+</div>

data/app/views/admin/invites/show.html.erb CHANGED Viewed

@@ -14,7 +14,7 @@
   <%= f.labelled_text_field :email, autocomplete: "email" %>
   <%= f.labelled_password_field(:password,
                                 autocomplete: "new-password") %>
-  <%= f.labelled_password_field(:confirm_password,
+  <%= f.labelled_password_field(:password_confirmation,
                                 autocomplete: "new-password") %>
   <p>
     <button type="submit">

data/app/views/admin/otp_secrets/create.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<% content_for :page_title, "2FA enabled" %>
+<% content_for :page_description, "Two-factor authentication enabled" %>
+<div class="content">
+  <%= render(partial: "admin/recovery_codes/codes",
+             locals: { recovery_codes: @recovery_codes }) %>
+</div>

data/app/views/admin/otp_secrets/new.html.erb ADDED Viewed

@@ -0,0 +1,60 @@
+<% content_for :page_title, "Enable 2FA" %>
+<% content_for :page_description, "Enable two-factor authentication" %>
+<%= form_tag(admin_otp_secret_path, method: :post, class: "totp-enrollment") do |f| %>
+  <h2>
+    Scan the QR-code
+  </h2>
+  <p>
+    Use an authenticator app or browser extension to scan the QR code below.<br>
+    Don't have one? Some options are
+    <%= link_to("1Password", "https://1password.com/") %>,
+    <%= link_to("LastPass Authenticator", "https://www.lastpass.com/") %>,
+    <%= link_to("Microsoft Authenticator",
+                "https://www.microsoft.com/en-us/security/mobile-authenticator-app") %>
+    or
+    <%= link_to("Google Authenticator",
+                "https://support.google.com/accounts/answer/1066447") %>.
+  </p>
+  <div class="qr-code">
+    <%= qr_code(@otp_secret.provisioning_uri) %>
+  </div>
+  <p>
+    If you are unable to scan the code, you can enter the following
+    info instead:
+  </p>
+  <p>
+    <b>Account name:</b><br>
+    <%= @otp_secret.account_name %>
+  </p>
+  <p>
+    <b>Secret:</b><br>
+    <span class="otp-secret">
+      <%= @otp_secret.secret %>
+    </span>
+  </p>
+  <h2>
+    Enter the code from the app
+  </h2>
+  <div class="field">
+    <label for="otp">6 digit code</label>
+    <%= text_field_tag(:otp, "",
+                       autofocus: true,
+                       autocomplete: "one-time-code",
+                       size: 6) %>
+  </div>
+  <%= hidden_field_tag :signed_message, @otp_secret.signed_message %>
+  <p>
+    <button type="submit">
+      Verify
+    </button>
+  </p>
+<% end %>

data/app/views/admin/recovery_codes/_codes.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<h2>
+  Recovery codes
+</h2>
+<p>
+  Please save the recovery codes below in a safe place, ideally
+  using a secure password manager.<br>
+  Without them, you will lose access to your account if you lose your device.
+</p>
+<ul class="recovery-codes">
+  <% recovery_codes.each do |c| %>
+    <li><%= c %></li>
+  <% end %>
+</ul>

data/app/views/admin/recovery_codes/create.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<% content_for :page_title, "New recovery codes" %>
+<% content_for :page_description, "Recovery codes updated" %>
+<div class="content">
+  <%= render(partial: "admin/recovery_codes/codes",
+             locals: { recovery_codes: @recovery_codes }) %>
+</div>

data/app/views/admin/recovery_codes/new.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<% content_for :page_title, "New recovery codes" %>
+<% content_for :page_description, "Generate new recovery codes" %>
+<%= form_tag(admin_recovery_codes_path, method: :post) do |f| %>
+  <%= render(partial: "admin/sessions/otp_form") %>
+  <p>
+    <button type="submit">
+      Verify
+    </button>
+  </p>
+<% end %>

data/app/views/admin/sessions/_otp_form.html.erb ADDED Viewed

@@ -0,0 +1,13 @@
+<h2>
+  Two-factor authentication
+</h2>
+<p>
+  Enter a one-time code from your authenticator app to proceed.
+</p>
+<div class="field">
+  <label for="otp">6 digit code</label>
+  <%= text_field_tag(:otp, "",
+                     autofocus: true,
+                     autocomplete: "one-time-code",
+                     size: 6) %>
+</div>

data/app/views/admin/sessions/new.html.erb ADDED Viewed

@@ -0,0 +1,33 @@
+<% content_for :page_title, "Sign in" %>
+<% content_for(:page_description,
+               "Please enter your email address and password to sign in") %>
+<% content_for :body_class, "login" %>
+<% content_for :sidebar do %>
+  <h2>Please note</h2>
+  <p>
+    Please contact support if you experience problems logging in or using Pages.
+  </p>
+<% end %>
+<div class="login-form">
+  <%= form_tag admin_session_path do %>
+    <p>
+      <label>Email address</label>
+      <%= text_field_tag(:email, "", autocomplete: "email") %>
+    </p>
+    <p>
+      <label>Password</label>
+      <%= password_field_tag(:password, "", autocomplete: "current-password") %>
+    </p>
+    <p>
+      <button type="submit">Sign in</button>
+    </p>
+    <ul>
+      <li>
+        <%= link_to("<b>Help!</b> I forgot my password!".html_safe,
+                    new_admin_account_recovery_path) %>
+      </li>
+    </ul>
+  <% end %>
+</div>

data/app/views/admin/sessions/verify_otp.html.erb ADDED Viewed

@@ -0,0 +1,19 @@
+<% content_for :page_title, "Two-factor authentication" %>
+<% content_for :page_description, "Two-factor authentication" %>
+<%= form_tag(verify_otp_admin_session_path, method: :post) do |f| %>
+  <%= hidden_field_tag :signed_user_id, @signed_user_id %>
+  <%= render(partial: "admin/sessions/otp_form") %>
+  <p>
+    <button type="submit">
+      Verify
+    </button>
+  </p>
+  <p>
+    Lost your authenticator device?
+    <%= link_to("Recover your account here",
+                new_admin_account_recovery_path) %>.
+  </p>
+<% end %>

data/app/views/admin/users/edit.html.erb CHANGED Viewed

@@ -31,12 +31,42 @@
   <% if policy(@user).change_password? %>
     <h2>Password</h2>
     <%= f.labelled_password_field :password, 'Change password' %>
-    <%= f.labelled_password_field :confirm_password, 'Confirm password' %>
+    <%= f.labelled_password_field :password_confirmation, 'Confirm password' %>
     <p>
       Leave the password blank if you do not wish to change the password.
     </p>
   <% end %>
+  <% if policy(@user).otp? %>
+    <h2>Two-factor authentication</h2>
+    <% if @user.otp_enabled? %>
+      <p>
+        Two-factor authentication has been enabled.
+        <%= link_to("Disable",
+                    admin_otp_secret_path,
+                    class: :delete,
+                    method: :delete,
+                    data: { confirm: "Are you sure you want to disable 2FA?" }) %>
+      </p>
+      <p>
+        You have
+        <%= t("pages_core.recovery_codes",
+              count: @user.hashed_recovery_codes.length) %>
+        remaining.
+        <%= link_to("Generate new codes", new_admin_recovery_codes_path) %>
+      </p>
+    <% else %>
+      <p>
+        Protect your account with an additional layer of security by
+        requiring an authentication app to sign in.
+      </p>
+      <p>
+        <%= link_to("Enable 2FA", new_admin_otp_secret_path) %>
+      </p>
+    <% end %>
+  <% end %>
   <%= render partial: "access_control", locals: { user: @user, f: f } %>
   <p>

data/app/views/admin/users/new.html.erb CHANGED Viewed

@@ -11,7 +11,7 @@
   <%= f.labelled_text_field(:email, autocomplete: "email") %>
   <%= f.labelled_password_field(:password,
                                 autocomplete: "new-password") %>
-  <%= f.labelled_password_field(:confirm_password,
+  <%= f.labelled_password_field(:password_confirmation,
                                 autocomplete: "new-password") %>
   <p>

data/app/views/admin_mailer/account_recovery.text.erb ADDED Viewed

@@ -0,0 +1,10 @@
+Hi, <%= @user.name %>!
+We've received a request to recover your account on <%= PagesCore.config(:site_name) %>.
+Please click the following link to continue:
+<%= @url %>
+The link will expire in 24 hours.
+If you do not want to recover your password, please ignore this email.

data/app/views/layouts/admin/_header.html.erb CHANGED Viewed

@@ -10,7 +10,7 @@
   <% if logged_in? %>
     <div class="user">
       Hello, <%= link_to(current_user.name, admin_user_url(current_user)) %>
-      <%= link_to("Log out", session_path, method: "delete") %>
+      <%= link_to("Log out", admin_session_path, method: "delete") %>
     </div>
   <% end %>
   <nav class="tabs">

data/app/views/layouts/admin/_toast.html.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<%= react_component "Toast", { notice: flash[:notice], error: flash[:error] } %>
+<% if Rails.env.test? && flash.any? %>
+  <div class="flash-test-helper">
+    <% %i[notice error].each do |type| %>
+      <% if flash[type] || true %>
+        <div class="<%= type %>">
+          <%= flash[type] %>
+        </div>
+      <% end %>
+    <% end %>
+  </div>
+<% end %>

data/app/views/layouts/admin.html.erb CHANGED Viewed

@@ -58,6 +58,6 @@
       <% end %>
     </div>
     <%= react_component "Modal", {} %>
-    <%= react_component "Toast", { notice: flash[:notice], error: flash[:error] } %>
+    <%= render(partial: "layouts/admin/toast") %>
   </body>
 </html>

data/config/locales/en.yml CHANGED Viewed

@@ -28,13 +28,21 @@ en:
       The provided email address and password combination was not valid
     invite_expired: This invite is no longer valid.
     logged_out: You have been logged out
-    password_reset:
+    otp:
+      already_enabled: 2FA has already been enabled
+      disabled: 2FA has been disabled
+      invalid_code: Invalid 2FA code
+      required: 2FA is required for this
+    account_recovery:
       changed: Your password has been changed
-      expired: Your password reset link has expired
-      invalid_request: Invalid password reset request
+      invalid_request: This link is no longer valid
       not_found: Couldn't find a user with that email address
       sent: An email with further instructions has been sent
       problems_saving: There were problems saving your changes
+    recovery_codes:
+      zero: "no recovery codes"
+      one: "one recovery code"
+      other: "%{count} recovery codes"
   templates:
     default:
       blocks:

data/config/routes.rb CHANGED Viewed

@@ -33,9 +33,6 @@ Rails.application.routes.draw do
   get "pages/:locale/*glob" => redirect("/%{locale}/pages/%{glob}"),
       locale: /\w\w\w/
-  # Authentication
-  resource :session, only: %i[create destroy]
   # Sitemap
   resource :sitemap, only: [:show]
@@ -51,9 +48,9 @@ Rails.application.routes.draw do
     end
     # Password resets
-    resources :password_resets, only: %i[create show update]
-    controller :password_resets do
-      get "/password_resets/:id/:token" => :show, as: :password_reset_with_token
+    resource :account_recovery
+    controller :account_recoveries do
+      get "/account_recovery/:token" => :show, as: :account_recovery_with_token
     end
     # Attachments
@@ -76,6 +73,14 @@ Rails.application.routes.draw do
     # Categories
     resources :categories
+    # Authentication
+    resource :session, only: %i[create destroy] do
+      member { post :verify_otp }
+    end
+    resource :otp_secret, only: %i[new create destroy]
+    resource :recovery_codes, only: %i[new create]
+    get "login" => "sessions#new", as: "login"
     # Pages
     scope ":locale" do
       resources :news,

data/db/migrate/20240126160700_add_2fa_fields.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+class Add2faFields < ActiveRecord::Migration[7.0]
+  def change
+    change_table :users do |t|
+      t.boolean :otp_enabled, null: false, default: false
+      t.string :otp_secret
+      t.datetime :last_otp_at
+      t.jsonb :hashed_recovery_codes, null: false, default: []
+      t.string :session_token
+    end
+    rename_column :users, :hashed_password, :password_digest
+    reversible do |dir|
+      dir.up do
+        User.find_each { |u| u.update(session_token: SecureRandom.hex(32)) }
+        change_column_null :users, :session_token, false
+      end
+    end
+  end
+end

data/db/migrate/20240129201300_remove_password_reset_tokens.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+class RemovePasswordResetTokens < ActiveRecord::Migration[7.0]
+  def change
+    drop_table :password_reset_tokens do |t|
+      t.integer :user_id
+      t.string :token
+      t.datetime :expires_at
+      t.datetime :created_at
+      t.datetime :updated_at
+    end
+  end
+end

data/lib/pages_core.rb CHANGED Viewed

@@ -32,6 +32,8 @@ require "pg_search"
 require "progress_bar"
 require "rails_i18n"
 require "RedCloth"
+require "rotp"
+require "rqrcode"
 require "sass-rails"
 require "typhoeus"
 require "will_paginate"
@@ -83,5 +85,9 @@ module PagesCore
       end
     end
     alias config configuration
+    def reset_configuration!
+      @configuration = PagesCore::Configuration::Pages.new
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pages_core
 version: !ruby/object:Gem::Version
-  version: 3.13.0
+  version: 3.14.0
 platform: ruby
 authors:
 - Inge Jørgensen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-17 00:00:00.000000000 Z
+date: 2024-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -206,6 +206,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 4.3.2
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+- !ruby/object:Gem::Dependency
+  name: rqrcode
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: tty-table
   requirement: !ruby/object:Gem::Requirement
@@ -377,6 +405,7 @@ files:
 - app/assets/stylesheets/pages_core/admin/components/textarea.css
 - app/assets/stylesheets/pages_core/admin/components/toast.css
 - app/assets/stylesheets/pages_core/admin/components/toolbar.css
+- app/assets/stylesheets/pages_core/admin/components/totp.css
 - app/assets/stylesheets/pages_core/admin/controllers/pages.css
 - app/assets/stylesheets/pages_core/admin/controllers/users.css
 - app/assets/stylesheets/pages_core/admin/vars.css
@@ -388,14 +417,17 @@ files:
 - app/controller_dummies/page_files_controller.rb
 - app/controller_dummies/pages_controller.rb
 - app/controller_dummies/sitemaps_controller.rb
+- app/controllers/admin/account_recoveries_controller.rb
 - app/controllers/admin/attachments_controller.rb
 - app/controllers/admin/calendars_controller.rb
 - app/controllers/admin/categories_controller.rb
 - app/controllers/admin/images_controller.rb
 - app/controllers/admin/invites_controller.rb
 - app/controllers/admin/news_controller.rb
+- app/controllers/admin/otp_secrets_controller.rb
 - app/controllers/admin/pages_controller.rb
-- app/controllers/admin/password_resets_controller.rb
+- app/controllers/admin/recovery_codes_controller.rb
+- app/controllers/admin/sessions_controller.rb
 - app/controllers/admin/users_controller.rb
 - app/controllers/concerns/pages_core/admin/persistent_params.rb
 - app/controllers/concerns/pages_core/authentication.rb
@@ -416,7 +448,6 @@ files:
 - app/controllers/pages_core/frontend_controller.rb
 - app/controllers/pages_core/images_controller.rb
 - app/controllers/pages_core/sitemaps_controller.rb
-- app/controllers/sessions_controller.rb
 - app/formatters/pages_core/html_formatter.rb
 - app/formatters/pages_core/image_embedder.rb
 - app/formatters/pages_core/link_renderer.rb
@@ -492,7 +523,6 @@ files:
 - app/javascript/components/drag/useDragUploader.ts
 - app/javascript/components/drag/useDraggable.ts
 - app/javascript/controllers/EditPageController.ts
-- app/javascript/controllers/LoginController.ts
 - app/javascript/controllers/MainController.ts
 - app/javascript/controllers/PageOptionsController.js
 - app/javascript/features/RichText.tsx
@@ -512,6 +542,7 @@ files:
 - app/models/attachment.rb
 - app/models/autopublisher.rb
 - app/models/category.rb
+- app/models/concerns/pages_core/has_otp.rb
 - app/models/concerns/pages_core/has_roles.rb
 - app/models/concerns/pages_core/humanizable_param.rb
 - app/models/concerns/pages_core/page_model/attachments.rb
@@ -532,6 +563,7 @@ files:
 - app/models/image.rb
 - app/models/invite.rb
 - app/models/invite_role.rb
+- app/models/otp_secret.rb
 - app/models/page.rb
 - app/models/page_builder.rb
 - app/models/page_category.rb
@@ -539,7 +571,6 @@ files:
 - app/models/page_file.rb
 - app/models/page_image.rb
 - app/models/page_path.rb
-- app/models/password_reset_token.rb
 - app/models/role.rb
 - app/models/search_document.rb
 - app/models/tag.rb
@@ -563,6 +594,8 @@ files:
 - app/services/pages_core/create_user_service.rb
 - app/services/pages_core/destroy_invite_service.rb
 - app/services/pages_core/invite_service.rb
+- app/views/admin/account_recoveries/new.html.erb
+- app/views/admin/account_recoveries/show.html.erb
 - app/views/admin/calendars/_sidebar.html.erb
 - app/views/admin/calendars/show.html.erb
 - app/views/admin/images/show.json.jbuilder
@@ -570,6 +603,8 @@ files:
 - app/views/admin/invites/show.html.erb
 - app/views/admin/news/_sidebar.html.erb
 - app/views/admin/news/index.html.erb
+- app/views/admin/otp_secrets/create.html.erb
+- app/views/admin/otp_secrets/new.html.erb
 - app/views/admin/pages/_edit_content.html.erb
 - app/views/admin/pages/_edit_files.html.erb
 - app/views/admin/pages/_edit_images.html.erb
@@ -583,18 +618,22 @@ files:
 - app/views/admin/pages/index.html.erb
 - app/views/admin/pages/new.html.erb
 - app/views/admin/pages/search.html.erb
-- app/views/admin/password_resets/show.html.erb
+- app/views/admin/recovery_codes/_codes.html.erb
+- app/views/admin/recovery_codes/create.html.erb
+- app/views/admin/recovery_codes/new.html.erb
+- app/views/admin/sessions/_otp_form.html.erb
+- app/views/admin/sessions/new.html.erb
+- app/views/admin/sessions/verify_otp.html.erb
 - app/views/admin/users/_access_control.html.erb
 - app/views/admin/users/_list.html.erb
 - app/views/admin/users/deactivated.html.erb
 - app/views/admin/users/edit.html.erb
 - app/views/admin/users/index.html.erb
-- app/views/admin/users/login.html.erb
 - app/views/admin/users/new.html.erb
 - app/views/admin/users/new_password.html.erb
 - app/views/admin/users/show.html.erb
+- app/views/admin_mailer/account_recovery.text.erb
 - app/views/admin_mailer/invite.text.erb
-- app/views/admin_mailer/password_reset.text.erb
 - app/views/errors/401.html.erb
 - app/views/errors/403.html.erb
 - app/views/errors/404.html.erb
@@ -606,6 +645,7 @@ files:
 - app/views/layouts/admin.html.erb
 - app/views/layouts/admin/_header.html.erb
 - app/views/layouts/admin/_page_header.html.erb
+- app/views/layouts/admin/_toast.html.erb
 - app/views/layouts/errors.html.erb
 - app/views/sitemaps/show.xml.builder
 - config/locales/en.yml
@@ -615,6 +655,8 @@ files:
 - db/migrate/20210209151400_create_search_configurations.rb
 - db/migrate/20210210235200_create_search_documents.rb
 - db/migrate/20220615160300_remove_username.rb
+- db/migrate/20240126160700_add_2fa_fields.rb
+- db/migrate/20240129201300_remove_password_reset_tokens.rb
 - lib/pages_core.rb
 - lib/pages_core/admin_menu_item.rb
 - lib/pages_core/archive_finder.rb