feat: add SMS fallback to the 2FA screen#207
Merged
Merged
Conversation
rursache
force-pushed
the
feature/2fa-sms-fallback
branch
from
b321cd4 to
f348526
Compare
Owner
|
Do you know all these languages to be filling out all the localizations? |
Contributor
Author
|
@claration no, i used AI to fill those instead of shipping only english considering this is a multilanguage project |
Owner
|
I suggest keeping them english so users who speak those languages can fill them out when they have the time to :) at least to me, its better this way. |
When an account has a trusted device, Apple returns trustedDeviceSecondaryAuth and the code is only pushed to the device, with no way to switch to SMS. This wires the existing SMS 2FA core methods into the login flow: - plume_core: the 2FA callback now receives a TwoFactorRequest (delivery method + trusted phone numbers) and returns a TwoFactorAction (SubmitCode or SendSms), so the caller can request an SMS fallback mid-flow. Trusted phone numbers are fetched up front via get_auth_extras when device 2FA starts. - GUI: the 2FA screen lists each trusted phone number and adds a Send via SMS button; the prompt updates to reflect the active delivery channel. - CLI: typing 'sms' at the prompt switches delivery to SMS, with a picker when there is more than one number.
rursache
force-pushed
the
feature/2fa-sms-fallback
branch
from
f348526 to
26b53fa
Compare
Contributor
Author
|
@claration updated to remove non-english translations |
claration
approved these changes
Jun 15, 2026
Owner
|
thank you! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #128
When an account has a trusted device, Apple returns trustedDeviceSecondaryAuth and
Impactor only pushes the code to that device. The 2FA screen had no way to switch to
SMS, so anyone who relies on a text message had no way through, which is what #128 hit
The core already had the SMS methods (send_sms_2fa_to_devices, verify_sms_2fa) for the
SMS-only login path, they just weren't reachable once a trusted device was in play. This
wires them up:
numbers, and can request an SMS instead of submitting a code
there right away
switches the prompt text once a code is sent by text
more than one number
Tested on the account from #128: the trusted device push still behaves as before, and
choosing SMS now delivers the code and finishes login