Prevent demo user from enabling 2FA

author: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-07-20 21:35:02 +1000
committer: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-07-20 21:35:02 +1000
commit: 88259246fb10a0c779c495981a0ebb969322ff90 (patch)
tree: 04a9b66119a23299a5d758e124176a153d27cda9
parent: 2FA on login page (diff)
download: server-88259246fb10a0c779c495981a0ebb969322ff90.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/api/src/routes/users/@me/mfa/totp/enable.ts b/api/src/routes/users/@me/mfa/totp/enable.ts
index bc5f16ad..e4ce9ce0 100644
--- a/api/src/routes/users/@me/mfa/totp/enable.ts
+++ b/api/src/routes/users/@me/mfa/totp/enable.ts
@@ -17,7 +17,9 @@ export interface TotpEnableSchema {
 router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res: Response) => {
 	const body = req.body as TotpEnableSchema;
 
-	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data"] });
+	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["data", "email"] });
+
+	if (user.email == "demo@maddy.k.vu") throw new HTTPError("Demo user, sorry", 400);
 
 	// TODO: Are guests allowed to enable 2fa?
 	if (user.data.hash) {
author	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-07-20 21:35:02 +1000
committer	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-07-20 21:35:02 +1000
commit	88259246fb10a0c779c495981a0ebb969322ff90 (patch)
tree	04a9b66119a23299a5d758e124176a153d27cda9
parent	2FA on login page (diff)
download	server-88259246fb10a0c779c495981a0ebb969322ff90.tar.xz