From 862cba1a5ba34d13a44177a4635accc32ce6bf24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?= <matejbaco2000@gmail.com>
Date: Sun, 25 Feb 2024 16:30:59 +0000
Subject: [PATCH] Check against false positive for MFA

---
 app/controllers/api/teams.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index c1fcb9d8c..455542f54 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -756,8 +756,20 @@ App::get('/v1/teams/:teamId/memberships')
         $memberships = array_map(function ($membership) use ($dbForProject, $team) {
             $user = $dbForProject->getDocument('users', $membership->getAttribute('userId'));
 
+            $mfa = $user->getAttribute('mfa', false);
+
+            if ($mfa) {
+                $totpEnabled = $user->getAttribute('totp', false) && $user->getAttribute('totpVerification', false);
+                $emailEnabled = $user->getAttribute('email', false) && $user->getAttribute('emailVerification', false);
+                $phoneEnabled = $user->getAttribute('phone', false) && $user->getAttribute('phoneVerification', false);
+
+                if (!$totpEnabled && !$emailEnabled && !$phoneEnabled) {
+                    $mfa = false;
+                }
+            }
+
             $membership
-                ->setAttribute('mfa', $user->getAttribute('mfa'))
+                ->setAttribute('mfa', $mfa)
                 ->setAttribute('teamName', $team->getAttribute('name'))
                 ->setAttribute('userName', $user->getAttribute('name'))
                 ->setAttribute('userEmail', $user->getAttribute('email'))