From 78af158c306fc7d71b33b6085a2a09ccef913a6f Mon Sep 17 00:00:00 2001
From: TrojanerHD <github@trojaner.dev>
Date: Sat, 24 Feb 2024 02:15:49 +0100
Subject: [PATCH] fix(backend): only check for 2fa if it was enabled

fix(backend): don't reject logins where 2fa is disabled and security keys are available
---
 packages/backend/src/server/api/private/signin.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/server/api/private/signin.ts b/packages/backend/src/server/api/private/signin.ts
index 23ec32df..039febfe 100644
--- a/packages/backend/src/server/api/private/signin.ts
+++ b/packages/backend/src/server/api/private/signin.ts
@@ -116,7 +116,7 @@ export default async (ctx: Koa.Context) => {
 		);
 	}
 
-	if (!profile.twoFactorEnabled) {
+	if (!profile.twoFactorEnabled && !profile.securityKeysAvailable) {
 		if (same) {
 			signin(ctx, user);
 			return;
@@ -128,7 +128,7 @@ export default async (ctx: Koa.Context) => {
 		}
 	}
 
-	if (token) {
+	if (token && profile.twoFactorEnabled) {
 		if (!same) {
 			await fail(403, {
 				id: "932c904e-9460-45b7-9ce6-7ed33be7eb2c",