auth2fa
Model for two-factor authentication state and setup, including TOTP QR/image generation, mode checks, reset checks, and clock skew checks.
Available Model API Paths
| Method | Path pattern | Description |
|---|---|---|
get | /new_totp_image_url | Return the TOTP provisioning QR/image URL generated for the current authenticated user. No further lookups. |
get | /new_totp_image_url/+currentcode | Return the TOTP provisioning QR/image URL while validating against +currentcode from the setup flow. No further lookups. |
get | /+user/is_totp_enabled/... | Return whether user +user has a stored TOTP identity (totp identity record exists). |
get | /is_totp_enabled/... | Return whether the current authenticated user has TOTP enabled. |
get | /is_totp_requested/... | Return whether this session already requested/shown the TOTP challenge dialog. |
get | /+user/is_allowed_reset/... | Return whether the current user may reset 2FA for user +user (self or admin-identity edit rights). |
get | /mode/... | Return site-wide 2FA mode from mod_auth2fa.mode (0=optional, 1=ask, 2=required, 3=forced). |
get | /user_mode/... | Return effective 2FA mode for the current user (site mode combined with ACL user-group acl_2fa settings). |
get | /session_mode/... | Return effective 2FA mode for the current session; only username/password and autologon-cookie sessions enforce user mode. |
get | /clock_check | Return clock skew report for payload timestamp (delta, delta_abs, delta_acceptable, is_ok). No further lookups. |
get | /clock_check/+timestamp/... | Return clock skew report for explicit +timestamp (delta, delta_abs, delta_acceptable, is_ok). |
/+name marks a variable path segment. A trailing /... means extra path segments are accepted for further lookups.