From 9150ceadc73d06adaac7436ef1e2628978af37c0 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Wed, 17 Apr 2024 11:10:33 +0200
Subject: [PATCH] fix: mfa with admin mode
---
 app/controllers/shared/api.php | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index ad9ed97b6..7033ea605 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -280,18 +280,16 @@ App::init()
 throw new Exception(Exception::USER_PASSWORD_RESET_REQUIRED);
 }

- if ($mode !== APP_MODE_ADMIN) {
- $mfaEnabled = $user->getAttribute('mfa', false);
- $hasVerifiedEmail = $user->getAttribute('emailVerification', false);
- $hasVerifiedPhone = $user->getAttribute('phoneVerification', false);
- $hasVerifiedAuthenticator = TOTP::getAuthenticatorFromUser($user)?->getAttribute('verified') ?? false;
- $hasMoreFactors = $hasVerifiedEmail || $hasVerifiedPhone || $hasVerifiedAuthenticator;
- $minimumFactors = ($mfaEnabled && $hasMoreFactors) ? 2 : 1;
+ $mfaEnabled = $user->getAttribute('mfa', false);
+ $hasVerifiedEmail = $user->getAttribute('emailVerification', false);
+ $hasVerifiedPhone = $user->getAttribute('phoneVerification', false);
+ $hasVerifiedAuthenticator = TOTP::getAuthenticatorFromUser($user)?->getAttribute('verified') ?? false;
+ $hasMoreFactors = $hasVerifiedEmail || $hasVerifiedPhone || $hasVerifiedAuthenticator;
+ $minimumFactors = ($mfaEnabled && $hasMoreFactors) ? 2 : 1;

- if (!in_array('mfa', $route->getGroups())) {
- if ($session && \count($session->getAttribute('factors')) < $minimumFactors) {
- throw new Exception(Exception::USER_MORE_FACTORS_REQUIRED);
- }
+ if (!in_array('mfa', $route->getGroups())) {
+ if ($session && \count($session->getAttribute('factors')) < $minimumFactors) {
+ throw new Exception(Exception::USER_MORE_FACTORS_REQUIRED);
 }
 }
 });
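Review bot: The factor check in the new `if ($session && \count($session->getAttribute('factors')) < $minimumFactors)` line is skipped whenever `$session` is empty, and with the admin-mode exemption removed this condition now also decides the outcome for admin-mode requests, so it deserves a comment naming which authentication paths are expected to arrive without a session and why they are exempt from the factor count. `getAttribute('factors')` is also called without a default, unlike the `getAttribute('mfa', false)` calls above it; if a session document lacking that attribute can reach this point (not visible here), `\count()` would raise a TypeError rather than `USER_MORE_FACTORS_REQUIRED`, so `\count($session->getAttribute('factors', []))` would be safer. `in_array('mfa', $route->getGroups(), true)` would make the group match strict. The enclosing `App::init()` callback starts above the hunk, so how `$session` is populated cannot be confirmed from these lines.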