From e86a613d8628697731684fcff624d6cba88dd8d8 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Tue, 14 Mar 2023 11:35:24 +0100
Subject: [PATCH] proxyauth: typo in basic auth validation

---
 src/proxyauth.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/proxyauth.js b/src/proxyauth.js
index aec3a66ff..22d0f62de 100644
--- a/src/proxyauth.js
+++ b/src/proxyauth.js
@@ -68,7 +68,7 @@ async function authorizationHeader(req, res, next) {
     if (!app.manifest.addons.proxyAuth.basicAuth) return next(); // this is a flag because this allows auth to bypass 2FA
 
     const verifyFunc = credentials.name.indexOf('@') !== -1 ? users.verifyWithEmail : users.verifyWithUsername;
-    const [verifyError, user] = await safe(verifyFunc(credentials.name, credentials.pass, appId));
+    const [verifyError, user] = await safe(verifyFunc(credentials.name, credentials.pass, appId, { relaxedTotpCheck: true }));
     if (verifyError) return next(new HttpError(403, 'Invalid username or password' ));
 
     req.user = user;