diff options
author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-07-20 21:35:02 +1000 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-07-20 21:35:02 +1000 |
commit | 88259246fb10a0c779c495981a0ebb969322ff90 (patch) | |
tree | 04a9b66119a23299a5d758e124176a153d27cda9 | |
parent | 2FA on login page (diff) | |
download | server-88259246fb10a0c779c495981a0ebb969322ff90.tar.xz |
Prevent demo user from enabling 2FA
-rw-r--r-- | api/src/routes/users/@me/mfa/totp/enable.ts | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/api/src/routes/users/@me/mfa/totp/enable.ts b/api/src/routes/users/@me/mfa/totp/enable.ts index bc5f16ad..e4ce9ce0 100644 --- a/api/src/routes/users/@me/mfa/totp/enable.ts +++ b/api/src/routes/users/@me/mfa/totp/enable.ts @@ -17,7 +17,9 @@ export interface TotpEnableSchema { router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res: Response) => { const body = req.body as TotpEnableSchema; - const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data"] }); + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data", "email"] }); + + if (user.email == "demo@maddy.k.vu") throw new HTTPError("Demo user, sorry", 400); // TODO: Are guests allowed to enable 2fa? if (user.data.hash) { |