jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Allow ghost users to skip 2fa

Browse Source
This commit is contained in:
Girish Ramakrishnan
2018-05-14 14:49:31 -07:00
parent a1020ec6b8
commit a45b1449de
3 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/oauth2.js
+1 -1
View File
@@ -286,7 +286,7 @@ function login(req, res) {
passport.authenticate('local', {
failureRedirect: '/api/v1/session/login?' + failureQuery
})(req, res, function () {
if (req.user.twoFactorAuthenticationEnabled) {
if (!req.user.ghost && req.user.twoFactorAuthenticationEnabled) {
if (!req.body.totpToken) {
let failureQuery = querystring.stringify({ error: 'A 2FA token is required', returnTo: returnTo });
return res.redirect('/api/v1/session/login?' + failureQuery);