Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

task(customs): Update rules for consistency #18538

Merged
merged 1 commit into from
Mar 12, 2025
Merged

task(customs): Update rules for consistency #18538

merged 1 commit into from
Mar 12, 2025

Conversation

dschom
Copy link
Contributor

@dschom dschom commented Mar 12, 2025

Because

  • We want a consistent user experience.
  • We want to give users 5 attempts for codes
  • We want to have consistent ban durations

This pull request

  • Changes OTP recovery phone code validity to 5 minute windows
  • Changes max attempts to OTP recovery phones to 5
  • Changes block durations for otp codes to 15 minutes on recovery phone, 2FA, and password reset otp

Issue that this pull request solves

Closes: FXA-11272

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).

Screenshots (Optional)

Please attach the screenshots of the changes made in case of change in user interface.

Other information (Optional)

There's a chance this could break some tests... Hopefully impact is small. If impact is big we might need to roll back some of these.

@dschom
task(customs): Update rules for consistency
0e969ae 
Because:
- We want a consistent user experience.
- We want to give users 5 attempts for codes
- We want to have consistent ban durations

This Commit:
- Changes OTP recovery phone codes to 5 minute windows
- Changes max attempts to OTP recovery phones to 5
- Changes block durations for otp codes to 15 minutes on recovery phone, 2FA, and password reset otp
@dschom dschom requested a review from a team as a code owner March 12, 2025 16:38
@dschom dschom requested a review from vpomerleau March 12, 2025 16:38
vpomerleau
vpomerleau approved these changes Mar 12, 2025
View reviewed changes
Copy link
Contributor

@vpomerleau vpomerleau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@dschom dschom merged commit 3d56ce5 into main Mar 12, 2025
11 of 13 checks passed
@dschom dschom deleted the FXA-11272 branch March 12, 2025 16:50
@StaberindeZA StaberindeZA mentioned this pull request Mar 12, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vpomerleau vpomerleau vpomerleau approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dschom @vpomerleau