Allow non-superusers to store 2FA secrets.

author: Matthew Somerville <matthew@mysociety.org> 2019-10-23 18:20:28 +0100
committer: Matthew Somerville <matthew@mysociety.org> 2019-10-28 17:11:00 +0000
commit: d551a1f6a7be39646e718683b14a572402e23981 (patch)
tree: 7c6129a7fe2adbf4123f58f6765bdccc3178892d /perllib/Catalyst/Authentication/Credential/2FA.pm
parent: dce115c18fcc3565176b0d65fe7a70926a8eb213 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/perllib/Catalyst/Authentication/Credential/2FA.pm b/perllib/Catalyst/Authentication/Credential/2FA.pm
index 154959ce3..22f4b4cff 100644
--- a/perllib/Catalyst/Authentication/Credential/2FA.pm
+++ b/perllib/Catalyst/Authentication/Credential/2FA.pm
@@ -21,8 +21,7 @@ sub authenticate {
 
     my $user_obj = $realm->find_user($userfindauthinfo, $c);
     if (ref($user_obj)) {
-        # We don't care unless user is a superuser and has a 2FA secret
-        return $user_obj unless $user_obj->is_superuser;
+        # We don't care unless user has a 2FA secret
         return $user_obj unless $user_obj->get_extra_metadata('2fa_secret');
 
         $c->stash->{token} = $c->get_param('token');
@@ -91,8 +90,8 @@ with a two-factor authentication code.
 
 This authentication credential checker takes authentication information
 (most often a username), and only passes if a valid 2FA code is then
-entered. It only works for Users that have an is_superuser flag set,
-plus store the 2FA secret in a FixMyStreet::Role::Extra metadata key.
+entered. It only works for Users that have a 2FA secret stored in a
+FixMyStreet::Role::Extra metadata key.
 
 =head1 CONFIGURATION
author	Matthew Somerville <matthew@mysociety.org>	2019-10-23 18:20:28 +0100
committer	Matthew Somerville <matthew@mysociety.org>	2019-10-28 17:11:00 +0000
commit	d551a1f6a7be39646e718683b14a572402e23981 (patch)
tree	7c6129a7fe2adbf4123f58f6765bdccc3178892d /perllib/Catalyst/Authentication/Credential/2FA.pm
parent	dce115c18fcc3565176b0d65fe7a70926a8eb213 (diff)