external ldap: ensure dashboard login does totp check

2024-01-08 11:55:35 +01:00
parent 6cdb448f62
commit 5b7667fa4d
5 changed files with 18 additions and 21 deletions
@@ -522,7 +522,7 @@ function interactionLogin(provider) {

        const verifyFunc = username.indexOf('@') === -1 ? users.verifyWithUsername : users.verifyWithEmail;

-        const [verifyError, user] =  await safe(verifyFunc(username, password, users.AP_WEBADMIN, { totpToken }));
+        const [verifyError, user] =  await safe(verifyFunc(username, password, users.AP_WEBADMIN, { totpToken, skipTotpCheck: false }));
        if (verifyError && verifyError.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, verifyError.message));
        if (verifyError && verifyError.reason === BoxError.NOT_FOUND) return next(new HttpError(401, 'Username and password does not match'));
        if (verifyError) return next(new HttpError(500, verifyError));