Summary
- Users can now enable optional TOTP two-factor authentication from their profile by scanning a QR code with an authenticator app and confirming a generated code.
- Signing in with 2FA enabled now asks for a six-digit code after the password, with single-use recovery codes available if authenticator access is lost.
- Administrators can reset another user's two-factor authentication from the Users page, and trusted devices can skip the code for 30 days while still requiring the account password.
Upgrade Notes
- This release includes database migrations for user two-factor settings and trusted-device records; run migrations as part of the upgrade.
- No new environment variables are required.
- Rebuild and restart the VolumeVault container after upgrading.
Verification
- Local verification before release included `docker run --rm --user "$(id -u):$(id -g)" -v "/home/darkdragon/VolumeVault:/app" -w /app volumevault:local php artisan changelog:validate v1.15.0 --release --no-interaction`.
- Local verification before release included `docker run --rm --user "$(id -u):$(id -g)" -v "/home/darkdragon/VolumeVault:/app" -w /app volumevault:local php artisan test --compact`.
- Local verification before release included `docker run --rm --user "$(id -u):$(id -g)" -v "/home/darkdragon/VolumeVault:/app" -w /app volumevault:local php ./vendor/bin/pint --dirty --format agent`.
- Local verification before release included `npm run build`.