mandatory2fa: fix workflow when using external LDAP

* Always allow the mandatory 2fa setting to be saved * Show warning for user if they have no 2fa setup and if not external 2fa * If they get locked out anyway, they have to use CLI tool * redirect for mandatory 2fa only if not external 2fa as well
2024-05-25 12:54:40 +02:00
parent 077f95049e
commit d34b102e52
8 changed files with 27 additions and 10 deletions
@@ -677,7 +677,10 @@ app.controller('MainController', ['$scope', '$route', '$timeout', '$location', '
    };

    function redirectOnMandatory2FA() {
-        if (Client.getConfig().mandatory2FA && !Client.getUserInfo().twoFactorAuthenticationEnabled) {
+        if (Client.getConfig().mandatory2FA) {
+            if (Client.getUserInfo().twoFactorAuthenticationEnabled) return; // user already has 2fa
+            if (Client.getUserInfo().source && $scope.config.external2FA) return; // 2fa is external
+
            $location.path('/profile').search({ setup2fa: true });
        }
    }