Allow ghost users to skip 2fa

2018-05-14 14:49:31 -07:00
parent a1020ec6b8
commit a45b1449de
3 changed files with 6 additions and 3 deletions
--- a/src/users.js
+++ b/src/users.js
@@ -220,7 +220,10 @@ function verify(userId, password, callback) {
        if (error) return callback(error);

        // for just invited users the username may be still null
-        if (user.username && verifyGhost(user.username, password)) return callback(null, user);
+        if (user.username && verifyGhost(user.username, password)) {
+            user.ghost = true;
+            return callback(null, user);
+        }

        var saltBinary = new Buffer(user.salt, 'hex');
        crypto.pbkdf2(password, saltBinary, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST, function (error, derivedKey) {