Resetting Two-Factor Authentication

If a user configured for Two-Factor Authentication loses the registered smartphone, there is an immediate security risk—the person who found (or purloined) the smartphone can access the user’s Brightspot account. When a user reports a stolen smartphone used for two-factor authentication, you need to remove the smartphone from the authentication protocol.

  1. Acquire the user’s email for logging in to Brightspot.

  2. In Brightspot, go to <host>/_debug/code/. The Dari code editor appears.

  3. From the drop-down list, select PLAYGROUND.

  4. Using the following snippet as a model, search for and reset the user’s two-factor authentication flag.

  5. Click Run.

Brightspot resets the user’s authentication flag, which removes the stolen phone from the authentication protocol. At the next login, the user sees the Enable Two-Factor Authentication widget, and registers the new phone with the protocol.

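 import com.psddev.dari.db.*;
 import com.psddev.cms.db.ToolUser;

 public class Code {
     public static Object main() throws Throwable {

         // Look up the user's record by login email.
         ToolUser tfaUser = Query.from(ToolUser.class).where("email = ?", "tfa@example.com").first();
         if (tfaUser == null) {
             // No matching account: stop here instead of failing with a NullPointerException.
             return "No user found with that email";
         }

         // Clear the two-factor authentication flag and persist the change.
         tfaUser.setTfaEnabled(Boolean.FALSE);
         tfaUser.save();

         // Return the updated record so the code editor displays it.
         return tfaUser;

     }
 }

In the previous snippet:

  • The Query.from statement retrieves the user’s record by email.
  • The null check ends the run with a message if no record matches that email, so confirm the address before running.
  • The setTfaEnabled call resets the two-factor authentication flag, and save() writes the change to the database.
  • The final return statement displays the updated record.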

For additional information, see Two-Factor Authentication.