From aa87fd61bb01952c91562e7c8ee130bba7a5700f Mon Sep 17 00:00:00 2001
From: si458
Date: Fri, 1 Mar 2024 15:45:39 +0000
Subject: [PATCH] maybe fix weird undefined user login accepted #5870
Signed-off-by: si458
---
 webserver.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webserver.js b/webserver.js
index 3f1d8df8..d99d082b 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2815,7 +2815,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
 obj.authenticate(req.query.user, req.query.pass, domain, function (err, userid, passhint, loginOptions) {
 // 2FA is not supported in URL authentication method. If user has 2FA enabled, this login method fails.
 var user = obj.users[userid];
- if (checkUserOneTimePasswordRequired(domain, user, req, loginOptions) == true) {
+ if ((err == null) && checkUserOneTimePasswordRequired(domain, user, req, loginOptions) == true) {
 handleRootRequestEx(req, res, domain, direct);
 } else if ((userid != null) && (err == null)) {
 // Login success
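Review bot: The new `(err == null)` guard on the 2FA check still lets an undefined `user` through, because `var user = obj.users[userid];` is looked up unconditionally and neither branch tests the result of that lookup. If `authenticate` can ever call back with `err == null` and a `userid` that is missing or not a key of `obj.users` (its contract is not visible in this hunk, and the subject's "maybe fix" suggests the root cause is unconfirmed), `checkUserOneTimePasswordRequired` receives `undefined`, and a false result falls into the login-success branch with no user record behind it. Failing closed on the record itself would cover that case: `if ((err == null) && (user != null) && checkUserOneTimePasswordRequired(domain, user, req, loginOptions) == true) {` and `} else if ((userid != null) && (user != null) && (err == null)) {`. The callback body continues outside the hunk, so the branch these conditions fall through to should be confirmed to reject the request rather than continue with a partial session.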