Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Transfer ownership #396

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: Transfer ownership #396

wants to merge 4 commits into from

Conversation

LazyCat2
Copy link

@LazyCat2 LazyCat2 commented Mar 3, 2025
edited
Loading

Please make sure to check the following tasks before opening and submitting a PR

  • I understand and have followed the contribution guide
  • I have tested my changes locally and they are working as intended

Closes #196
RFC PR: #14

Screenshot with curl commands that uses this feature

MCausc78 added a commit to MCausc78/pyvolt that referenced this pull request Mar 3, 2025
@MCausc78
Add support for transferring server ownership
2e305b9 
References:

- revoltchat/backend#396
- revoltchat/rfcs#14
@StupidRepo
Copy link

StupidRepo commented Mar 7, 2025
edited
Loading

As mentioned in the comment I put in the RFC PR, it would be better to check if the user has 2FA enabled before allowing them to transfer servers. That way any account which does not have 2FA enabled will not be allowed to transfer servers, preventing future abuse/malicious activity.

@LazyCat2
Copy link
Author

LazyCat2 commented Mar 7, 2025

As mentioned in the comment I put in the RFC PR, it would be better to check if the user has 2FA enabled before allowing them to transfer servers. That way any account which does not have 2FA enabled will not be allowed to transfer servers, preventing future abuse/malicious activity.

If hacker gets access to account, they can just enable mfa, if it is not enabled already, so i do not think this check will add any security

@StupidRepo
Copy link

StupidRepo commented Mar 7, 2025
edited
Loading

If hacker gets access to account, they can just enable mfa

You need the account's password to enable 2FA/MFA. If a hacker gains access to an account, it would most likely be via token rather than password. How can someone enable 2FA if they don't have the password?

@LazyCat2
Copy link
Author

LazyCat2 commented Mar 7, 2025

If hacker gets access to account, they can just enable mfa

You need the account's password to enable 2FA/MFA. If a hacker gains access to an account, it would most likely be via token rather than password. How can someone enable 2FA if they don't have the password?

Ill try to add it later then

@StupidRepo
Copy link

If hacker gets access to account, they can just enable mfa

You need the account's password to enable 2FA/MFA. If a hacker gains access to an account, it would most likely be via token rather than password. How can someone enable 2FA if they don't have the password?

Ill try to add it later then

👍🏻

@LazyCat2
Require TOTP
f9bb5d5 
Signed-off-by: LazyCat2 <[email protected]>
@LazyCat2
Copy link
Author

LazyCat2 commented Mar 9, 2025

image
seems to work I think

@LazyCat2 LazyCat2 marked this pull request as ready for review March 9, 2025 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@StupidRepo StupidRepo StupidRepo left review comments

@MCausc78 MCausc78 MCausc78 left review comments

@IAmTomahawkx IAmTomahawkx IAmTomahawkx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Pull Request Overview
Status: 🆕 Untriaged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feature request: Server Ownership Transfer
4 participants
@LazyCat2 @StupidRepo @IAmTomahawkx @MCausc78