naskya/firefish
1
0
Fork 1
mirror of https://example.com synced 2024-11-22 06:26:39 +09:00
Code Issues Activity

fix(backend): only check for 2fa if it was enabled

Browse source 
fix(backend): don't reject logins where 2fa is disabled and security keys are available
This commit is contained in:
TrojanerHD 2024-02-24 02:15:49 +01:00 committed by naskya
parent 4687b21d79
commit 78af158c30
Signed by: naskya
GPG key ID: 712D413B3A9FED5C
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/backend/src/server/api/private/signin.ts
View file

@ -116,7 +116,7 @@ export default async (ctx: Koa.Context) => {
);
}
if (!profile.twoFactorEnabled) {
if (!profile.twoFactorEnabled && !profile.securityKeysAvailable) {
if (same) {
signin(ctx, user);
return;
@ -128,7 +128,7 @@ export default async (ctx: Koa.Context) => {
}
}
if (token) {
if (token && profile.twoFactorEnabled) {
if (!same) {
await fail(403, {
id: "932c904e-9460-45b7-9ce6-7ed33be7eb2c",