Starship/CoreID
1
0
Fork 0
Code Issues 8 Pull Requests Releases 34 Wiki Activity

Do not let login message clobber MFA

Browse Source
This commit is contained in:
garrettmills 2020-08-12 22:13:46 -05:00
parent f1bd6e1ad4
commit c7f6172d56
No known key found for this signature in database
GPG Key ID: 6ACD58D6ADACFC6E
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/controllers/api/v1/Auth.controller.js
View File

@ -608,7 +608,7 @@ class AuthController extends Controller {
// If there are login messages, show those
const LoginMessage = this.models.get('LoginMessage')
const messages = await LoginMessage.for_user(user)
if ( messages.length > 0 ) {
if ( !req.trap.has_trap('mfa_challenge') && messages.length > 0 ) {
await req.trap.begin('login_message', { session_only: true })
}
@ -688,7 +688,17 @@ class AuthController extends Controller {
if ( is_valid ) {
if ( req.trap.has_trap('mfa_challenge') )
await req.trap.end()
// If there are login messages, show those
const LoginMessage = this.models.get('LoginMessage')
const messages = await LoginMessage.for_user(req.user)
if ( messages.length > 0 ) {
await req.trap.begin('login_message', { session_only: true })
}
next_destination = req.session.auth.flow || this.configs.get('auth.default_login_route')
if ( messages.length < 1 )
delete req.session.auth.flow
}