Fix: Implement MFA removal protection

gpt-engineer-app[bot]
2025-10-17 19:50:29 +00:00
parent 8a36c71edb
commit a0d341c4e0
4 changed files with 201 additions and 33 deletions


@@ -85,7 +85,7 @@ export function getRateLimitParams(operation: SecurityOperation): {
identity_connect: { action: 'identity_connect', maxAttempts: 5, windowMinutes: 60 },
session_revoke: { action: 'session_revoke', maxAttempts: 10, windowMinutes: 60 },
mfa_enroll: { action: 'mfa_enroll', maxAttempts: 3, windowMinutes: 60 },
mfa_unenroll: { action: 'mfa_unenroll', maxAttempts: 2, windowMinutes: 60 },
mfa_unenroll: { action: 'mfa_unenroll', maxAttempts: 2, windowMinutes: 1440 }, // Phase 4: 2 per day
};
return limits[operation] || { action: operation, maxAttempts: 5, windowMinutes: 60 };