diff options
| author | Matthew Somerville <matthew@mysociety.org> | 2019-11-05 13:48:00 +0000 |
|---|---|---|
| committer | Dave Arter <davea@mysociety.org> | 2019-12-09 12:48:13 +0000 |
| commit | 440c33c1c41dab2df8786ce43141ff12c59eb6ac (patch) | |
| tree | 97ef61f50654b4e67e4c4a232eb2f7c6eeedae60 /perllib/Catalyst/Authentication | |
| parent | 1fd8b6c22d7dcb97e8475ae1332af40b4ccc2f81 (diff) | |
Allow cobrands to skip 2FA requirement.
Diffstat (limited to 'perllib/Catalyst/Authentication')
| -rw-r--r-- | perllib/Catalyst/Authentication/Credential/2FA.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/perllib/Catalyst/Authentication/Credential/2FA.pm b/perllib/Catalyst/Authentication/Credential/2FA.pm index 3f59ada06..f77f56bea 100644 --- a/perllib/Catalyst/Authentication/Credential/2FA.pm +++ b/perllib/Catalyst/Authentication/Credential/2FA.pm @@ -23,7 +23,9 @@ sub authenticate { if (ref($user_obj)) { # We don't care unless user has a 2FA secret, or the cobrand mandates it - return $user_obj unless $user_obj->has_2fa || $c->cobrand->call_hook('must_have_2fa', $user_obj); + # We also don't care if the cobrand says we don't + my $must_have_2fa = $c->cobrand->call_hook('must_have_2fa', $user_obj) || ''; + return $user_obj if $must_have_2fa eq 'skip' || !($user_obj->has_2fa || $must_have_2fa); $c->stash->{token} = $c->get_param('token'); |