From 88259246fb10a0c779c495981a0ebb969322ff90 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Wed, 20 Jul 2022 21:35:02 +1000
Subject: [PATCH] Prevent demo user from enabling 2FA

---
 api/src/routes/users/@me/mfa/totp/enable.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/routes/users/@me/mfa/totp/enable.ts b/api/src/routes/users/@me/mfa/totp/enable.ts
index bc5f16ad..e4ce9ce0 100644
--- a/api/src/routes/users/@me/mfa/totp/enable.ts
+++ b/api/src/routes/users/@me/mfa/totp/enable.ts
@@ -17,7 +17,9 @@ export interface TotpEnableSchema {
 router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res: Response) => {
 	const body = req.body as TotpEnableSchema;
 
-	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data"] });
+	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data", "email"] });
+
+	if (user.email == "demo@maddy.k.vu") throw new HTTPError("Demo user, sorry", 400);
 
 	// TODO: Are guests allowed to enable 2fa?
 	if (user.data.hash) {