external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Fixed using timed OTP when backup codes are not allowed (#4268)

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-07-14 13:55:28 -07:00
parent 636f801bd7
commit 138fc507c8
2 changed files with 6 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

6
meshuser.js
View file

@ -3330,9 +3330,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Do not allow this command if 2FA's are locked
if ((domain.passwordrequirements) && (domain.passwordrequirements.lock2factor == true)) { ws.send(JSON.stringify({ action: 'otpauth-request', err: 1 })); return; }
// Do not allow this command if backup codes are not allowed
if ((domain.passwordrequirements) && (domain.passwordrequirements.backupcode2factor == false)) { ws.send(JSON.stringify({ action: 'otpauth-request', err: 2 })); return; }
// Do not allow this command when logged in using a login token
if (req.session.loginToken != null) { ws.send(JSON.stringify({ action: 'otpauth-request', err: 3 })); return; }
@ -3361,9 +3358,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Do not allow this command if 2FA's are locked
if ((domain.passwordrequirements) && (domain.passwordrequirements.lock2factor == true)) return;
// Do not allow this command if backup codes are not allowed
if ((domain.passwordrequirements) && (domain.passwordrequirements.backupcode2factor == false)) return;
// Do not allow this command when logged in using a login token
if (req.session.loginToken != null) break;