-
Notifications
You must be signed in to change notification settings - Fork 694
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
if the user is logged in the passcode can be changed without any re-authentication #2088
Comments
I'm working on this issue. |
Hi @gururani-abhishek the fragment had to be opened after changing the passcode and this was to be the supposed behaviour. For more queries you can look into android client that has this feature |
Thanks man, will look into it. |
Hey @PratyushSingh07 is this issue resolved? If not then I would like to work on this issue. |
@gururani-abhishek are you working on this issue? If not then can @Tejas-67 work on it? |
Hey @PratyushSingh07 , should I start working on this issue? or wait for @gururani-abhishek to respond. |
You can start working on it @Tejas-67 |
Hey @PratyushSingh07 , every time i try to login with the demo credentials ( username: mifos , password: password) a toast appears saying "Login Failed, Please try again later" . Any fixes for this? |
Please sync your fork @Tejas-67 |
Hey @PratyushSingh07 , my bad for the late follow-up. So, the PasscodeActivity inherits from MifosPasswordActivity, so its behavior cannot be altered. For adding re-auth, it looks like we'll have to create a new alert dialog or layout. Any suggestions on how we can smoothly go about this within the current setup? |
Can I work on this issue? or if you don't mind can we @Tejas-67 collaborate on working together on this issue together? |
Summary:
If the user is logged in the user can change passcode without any re-authentication. Video Below ->
Steps to reproduce:
Go to Settings -> change passcode
Expected behaviour:
Almost every modern fintech app asks for the current user passcode before allowing the user to change current passcode, it adds a secure layer, and provides a secure User Experience.
Observed behaviour:
No re-authentication was done before allowing the user to change the current passcode.
Device and Android version:
Pixel 2
Screenshots:
newIssue.mp4
The text was updated successfully, but these errors were encountered: