* Replace "phone" with "device"
* Advise users to mark scratch tokens as used upon usage
* Advice users they're for emergency usage when no access to device
Bug: T150564
Bug: T150868
Bug: T174937
Change-Id: Icd11a4fe00dd63430640ed9d01bc1c30f3c7ca88
The raw svg was represented to a11y dom as 256x256 images (due to
the 'use'). Convert the raw SVG to a base64 encoded img data uri and
provide it with an alt attribute describing the function.
While the qr code is duplicate with the 'manual' code below it, it is
not decorative so should not suppress alt. It's a big image and if
you use touch interaction, it would create a big blank spot. It is
useful to know for users that the QR code is there.
The img wrapping should also make the SVG usage slightly safer. It
avoids any potential remote resource usage from inside the SVG. While
this is not a direct danger right now, compromised php packages can
happen, and this limits the impact in that case.
Bug: T151550
Change-Id: I568927ace95a1fdf9cd7990bc7de8461718aa1c1
We want to customize the message depending on the number of active
devices, for example "an authentication device was removed" vs
"two-factor has been disabled".
Bug: T353962
Change-Id: Iaeb119a7cc6c264c4e49edeb3a88453786547021
This means that when keys will be ID-aware, a key object can be
immutable (instead of creating it without an ID and adding it in
persist()).
Change-Id: Ie1286ed71871dcedb2bd7d8d373f944be6691064
updateDatabaseValueFormat and updateTOTPToMultipleKeys are from 1.34:
Iaf9facb54cd9693f20ed2f48d22b076c4b626705
I71286534d21d95083436d64d79811943c1a1d032
updateTOTPScratchTokensToArray is from 1.36:
Ie8de059888363bf1cea4f0b268a46faaa5671904
Change-Id: I6de64d95b2e4b132d321b6f8f0129c476ef00f7f
Use the same PHP library as UrlShortener (endroid/qr-code) to
generate QR codes, rather than the out-of-date JS library.
Bug: T348590
Change-Id: I560ac1b384e249aad1866752deac753c764ec553
What: Added a new Traditional Chinese special page alias "OATH驗證".
Why:
* Space or underscore shouldn't appear, it may cause difficulties on typing,
especially when it is inconsistent with the alias in Simplified Chinese.
The underscore in current version was introduced in the commit a08848f.
* "認證" should match "certification", not "authentication", the proper name for
"authentication" in Traditional Chinese should be "驗證" instead.
Reference: https://zh.wikipedia.org/wiki/多重要素驗證
* For compatibility, I added the new alias, instead of changing.
Bug: T352000
Change-Id: Ib4c653a80aa65ae6cc847fa116376e0200d9b17d
* Don't use namespace on already imported Manager class
* Fix oauth mention to oathauth
Follows-Up: I6aa69c089340434737b55201b80398708a70c355
Change-Id: Id43fc3cffee589c6d04281edeb778c011dfecda4
