Don't let the user bypass 2FA by removing the 'setup2FA' in the url

Girish Ramakrishnan
2020-07-17 14:46:58 -07:00
parent c87ddd5116
commit 4ef963fe54


@@ -622,5 +622,11 @@ angular.module('Application').controller('ProfileController', ['$scope', '$locat
if ($location.search().setup2fa) {
// the form elements of the FormController won't appear in scope yet
$timeout(function () { $scope.twoFactorAuthentication.showMandatory2FA(); }, 1000);
} else {
// don't let the user bypass 2FA by removing the 'setup2FA' in the url
if (Client.getConfig().mandatory2FA && !Client.getUserInfo().twoFactorAuthenticationEnabled) {
$location.path('/profile').search({ setup2fa: true });
return;
}
}
}]);
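Review bot: The check added in the `else` branch runs only in the browser and only when ProfileController is instantiated, so it is a navigation guard rather than enforcement; whether other views or the API apply the same rule when `mandatory2FA` is set cannot be seen from this hunk, and the server should refuse requests from accounts without 2FA in that mode. The decision also stays keyed on the URL: the first branch opens the mandatory dialog whenever `setup2fa` is present, without testing the condition itself. Computing it once, `var needs2FA = Client.getConfig().mandatory2FA && !Client.getUserInfo().twoFactorAuthenticationEnabled;`, and driving the dialog from `needs2FA` would remove the dependence on the query parameter. I would also extend the comment to `// UI guard only: the backend must enforce mandatory 2FA`. The controller function begins outside the hunk.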