ConfigController: remove 2fa cancel step

This change annoys me, however this endpoint was anyway problematic: - it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3 - it is useless as we don't really handle a two-steps validation Still, if you send an incorrect code during the "activation" phase a flash error will pop up but the 2fa will stay enabled. This need rework when possible. Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:46:19 +02:00
parent 5240684be9
commit aa06e8328e
3 changed files with 10 additions and 36 deletions
--- a/src/Wallabag/CoreBundle/Resources/views/Config/otp_app.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/Config/otp_app.html.twig
@ -50,9 +50,6 @@
                                    </div>
                                </div>
                                <div class="card-action">
-                                    <a href="{{ path('config_otp_app_cancel') }}" class="waves-effect waves-light grey btn">
-                                        {{ 'config.otp.app.cancel'|trans }}
-                                    </a>
                                    <button class="btn waves-effect waves-light" type="submit" name="send">
                                        {{ 'config.otp.app.enable'|trans }}
                                        <i class="material-icons right">send</i>