fix(backend): only check for 2fa if it was enabled
fix(backend): don't reject logins where 2fa is disabled and security keys are available
This commit is contained in:
parent
4687b21d79
commit
78af158c30
1 changed files with 2 additions and 2 deletions
|
@ -116,7 +116,7 @@ export default async (ctx: Koa.Context) => {
|
|||
);
|
||||
}
|
||||
|
||||
if (!profile.twoFactorEnabled) {
|
||||
if (!profile.twoFactorEnabled && !profile.securityKeysAvailable) {
|
||||
if (same) {
|
||||
signin(ctx, user);
|
||||
return;
|
||||
|
@ -128,7 +128,7 @@ export default async (ctx: Koa.Context) => {
|
|||
}
|
||||
}
|
||||
|
||||
if (token) {
|
||||
if (token && profile.twoFactorEnabled) {
|
||||
if (!same) {
|
||||
await fail(403, {
|
||||
id: "932c904e-9460-45b7-9ce6-7ed33be7eb2c",
|
||||
|
|
Loading…
Reference in a new issue