Add second recovery secret when user recovers account
anikarni opened this issue · comments
Anike Arni commented
Once the user logs in with the old recovery code, we have to ensure a new recovery secret is added to the secrets document, before updating it in Bonafide.
Acceptance Criteria
Given I already had a recovery secret, when I submit my back-up email, I should have a second recovery secret encoded with the new recovery code in the secrets file.
In Scope
- Generate new recovery code
- Encrypt secret with new recovery code
- Save the second secret in the secrets doc
Out of Scope
- Deleting the old recovery code