Dekescordes/spacebar
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent demo user from enabling 2FA

Browse Source
This commit is contained in:
Madeline 2022-07-20 21:35:02 +10:00
parent c07950570c
commit 88259246fb
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/src/routes/users/@me/mfa/totp/enable.ts
View File

@ -17,7 +17,9 @@ export interface TotpEnableSchema {
router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res: Response) => { router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res: Response) => {
const body = req.body as TotpEnableSchema; const body = req.body as TotpEnableSchema;
const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data"] }); const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data", "email"] });
if (user.email == "demo@maddy.k.vu") throw new HTTPError("Demo user, sorry", 400);
// TODO: Are guests allowed to enable 2fa? // TODO: Are guests allowed to enable 2fa?
if (user.data.hash) { if (user.data.hash) {