MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-12-26 07:05:52 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fixed clearing timed OTP when backup codes are not allowed (#4268)

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2022-07-14 13:56:47 -07:00
parent 138fc507c8
commit c7561b5dd8
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
meshuser.js
View File

@ -3397,9 +3397,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Do not allow this command if 2FA's are locked // Do not allow this command if 2FA's are locked
if ((domain.passwordrequirements) && (domain.passwordrequirements.lock2factor == true)) return; if ((domain.passwordrequirements) && (domain.passwordrequirements.lock2factor == true)) return;
// Do not allow this command if backup codes are not allowed
if ((domain.passwordrequirements) && (domain.passwordrequirements.backupcode2factor == false)) return;
// Do not allow this command when logged in using a login token // Do not allow this command when logged in using a login token
if (req.session.loginToken != null) break; if (req.session.loginToken != null) break;