jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Allow ghost users to skip 2fa

Browse Source
This commit is contained in:
Girish Ramakrishnan
2018-05-14 14:49:31 -07:00
parent a1020ec6b8
commit a45b1449de
3 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/developer.js
+1 -1
View File
@@ -17,7 +17,7 @@ function login(req, res, next) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
if (user.twoFactorAuthenticationEnabled) {
if (!user.ghost && user.twoFactorAuthenticationEnabled) {
if (!req.body.totpToken) return next(new HttpError(401, 'A totpToken must be provided'));
let verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: req.body.totpToken });