Prevent demo user from enabling 2FA

author: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-07-20 21:35:02 +1000
committer: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-07-20 21:35:02 +1000
commit: 5f5bed0db32e1ce111306da121429ec7eabd785b (patch)
tree: 90b3f97ff59e332d8ea646f342dc993dd8f8c035
parent: 2FA on login page (diff)
download: server-5f5bed0db32e1ce111306da121429ec7eabd785b.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/api/src/routes/users/@me/mfa/totp/enable.ts b/api/src/routes/users/@me/mfa/totp/enable.ts
index bc5f16ad..e4ce9ce0 100644
--- a/api/src/routes/users/@me/mfa/totp/enable.ts
+++ b/api/src/routes/users/@me/mfa/totp/enable.ts
@@ -17,7 +17,9 @@ export interface TotpEnableSchema {
 router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res: Response) => {
 	const body = req.body as TotpEnableSchema;
 
-	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data"] });
+	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data", "email"] });
+
+	if (user.email == "demo@maddy.k.vu") throw new HTTPError("Demo user, sorry", 400);
 
 	// TODO: Are guests allowed to enable 2fa?
 	if (user.data.hash) {
author	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-07-20 21:35:02 +1000
committer	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-07-20 21:35:02 +1000
commit	5f5bed0db32e1ce111306da121429ec7eabd785b (patch)
tree	90b3f97ff59e332d8ea646f342dc993dd8f8c035
parent	2FA on login page (diff)
download	server-5f5bed0db32e1ce111306da121429ec7eabd785b.tar.xz