WebClient: respect second factor requirements enforced at group level

Fixes #1506

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2024-02-04 12:09:47 +01:00
parent c8da72a7f7
commit 3158190945
5 changed files with 109 additions and 8 deletions


@@ -260,7 +260,7 @@ func getNewRecoveryCode() string {
}
func saveUserTOTPConfig(username string, r *http.Request, recoveryCodes []dataprovider.RecoveryCode) error {
user, err := dataprovider.UserExists(username, "")
user, userMerged, err := dataprovider.GetUserVariants(username, "")
if err != nil {
return err
}
@@ -270,13 +270,13 @@ func saveUserTOTPConfig(username string, r *http.Request, recoveryCodes []datapr
if err != nil {
return util.NewValidationError(fmt.Sprintf("unable to decode JSON body: %v", err))
}
if !user.Filters.TOTPConfig.Enabled && len(user.Filters.TwoFactorAuthProtocols) > 0 {
if !user.Filters.TOTPConfig.Enabled && len(userMerged.Filters.TwoFactorAuthProtocols) > 0 {
return util.NewValidationError("two-factor authentication must be enabled")
}
for _, p := range user.Filters.TwoFactorAuthProtocols {
for _, p := range userMerged.Filters.TwoFactorAuthProtocols {
if !util.Contains(user.Filters.TOTPConfig.Protocols, p) {
return util.NewValidationError(fmt.Sprintf("totp: the following protocols are required: %q",
strings.Join(user.Filters.TwoFactorAuthProtocols, ", ")))
strings.Join(userMerged.Filters.TwoFactorAuthProtocols, ", ")))
}
}
if user.Filters.TOTPConfig.Secret == nil || !user.Filters.TOTPConfig.Secret.IsPlain() {
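Review bot: The split between `user` and `userMerged` introduced on the first hunk's new line is the whole point of the fix but is undocumented, and the two variables are easy to confuse in later edits: the merged variant is read only for the required-protocol checks, while `user` is the record the request body is decoded into and that is validated and (presumably, below the hunk) persisted, so swapping them would either write inherited group settings onto the user or silently drop the group-level requirement. A comment at the `GetUserVariants` call would pin this down, e.g. `// userMerged has group settings applied and is only consulted for the effective 2FA requirements; user is the record being updated`. The three `userMerged` substitutions in the second hunk are consistent with each other, including the error message that now lists the effective protocols. saveUserTOTPConfig's body continues past the hunk, and the other four changed files are not shown here.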