When there is no encryption key, encryption should fail with a 500 error so that shared secrets are not accidentally left unprotected in the database.
As a user who has provided the wrong TOTP code 10 times, my account should be locked out, just as if I had entered my password wrong too many times, to protect me against brute-force attacks.
Trigger the Devise lockout mechanism and allow the customer app to handle it from there.
As a user, I should not be able to enter the same TOTP code twice, even if I submit it within the time period in which the code is valid.
Previous codes do not need to be stored forever, since they become invalid over time.
Should be atomic. Worth creating a special-purpose database table.
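A sketch of the replay check described above, as an added example that is not code from this project. The class name `UsedTotpStore`, the 30-second step and the one-step drift are assumptions, and the Mutex stands in for the unique index on (user_id, code) that a dedicated database table would provide.

```ruby
# Added example. The Mutex stands in for a UNIQUE index on (user_id, code)
# in a dedicated table; a real table would rely on the database constraint.
class UsedTotpStore
  STEP  = 30 # seconds per TOTP time step (assumed)
  DRIFT = 1  # time steps of clock drift accepted either side (assumed)
  TTL   = (2 * DRIFT + 1) * STEP # longest a just-accepted code can stay valid

  def initialize
    @rows = {} # [user_id, code] => expires_at (epoch seconds)
    @lock = Mutex.new
  end

  # Call only after the code has passed normal TOTP validation.
  # Returns true for the first use, false for a replay.
  def consume(user_id, code, now: Time.now.to_i)
    @lock.synchronize do
      # Drop rows for codes that can no longer validate anyway.
      @rows.delete_if { |_key, expires_at| expires_at <= now }
      key = [user_id, code]
      next false if @rows.key?(key) # replay: check and insert are one step
      @rows[key] = now + TTL
      true
    end
  end

  # Number of rows currently held (no pruning is done here).
  def size
    @lock.synchronize { @rows.size }
  end
end

if __FILE__ == $PROGRAM_NAME
  store = UsedTotpStore.new
  t = 1_700_000_000 # constructed timestamp
  code = "492039"   # constructed code
  puts store.consume(42, code, now: t)      # first use of the code
  puts store.consume(42, code, now: t + 5)  # same code again, still in window
  puts store.size                           # rows kept until they expire
end
```

A `false` result is the point at which a failed attempt would be counted toward the lockout.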
Some Tests in Definition of Done