Add two-factor authentication for superusers.

author: Matthew Somerville <matthew-github@dracos.co.uk> 2018-02-02 08:52:58 +0000
committer: Matthew Somerville <matthew-github@dracos.co.uk> 2018-02-07 12:11:54 +0000
commit: b4b6679f6aac821ac31e541e0cc6f05549b130b5 (patch)
tree: 9d5f1ab9ab3af93672c11b8cf8998f4cf0878631 /perllib/FixMyStreet/App/Controller/Alert.pm
parent: 3ec1e871a1a04cd1f6ce051d1a6247acf2220ac2 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Alert.pm b/perllib/FixMyStreet/App/Controller/Alert.pm
index 5c9fbad1b..9d522dbc9 100644
--- a/perllib/FixMyStreet/App/Controller/Alert.pm
+++ b/perllib/FixMyStreet/App/Controller/Alert.pm
@@ -281,20 +281,25 @@ then display confirmation page.
 sub send_confirmation_email : Private {
     my ( $self, $c ) = @_;
 
+    my $user = $c->stash->{alert}->user;
+
+    # Superusers using 2FA can not log in by code
+    $c->detach( '/page_error_403_access_denied', [] ) if $user->has_2fa;
+
     my $token = $c->model("DB::Token")->create(
         {
             scope => 'alert',
             data  => {
                 id    => $c->stash->{alert}->id,
                 type  => 'subscribe',
-                email => $c->stash->{alert}->user->email
+                email => $user->email
             }
         }
     );
 
     $c->stash->{token_url} = $c->uri_for_email( '/A', $token->token );
 
-    $c->send_email( 'alert-confirm.txt', { to => $c->stash->{alert}->user->email } );
+    $c->send_email( 'alert-confirm.txt', { to => $user->email } );
 
     $c->stash->{email_type} = 'alert';
     $c->stash->{template} = 'email_sent.html';
author	Matthew Somerville <matthew-github@dracos.co.uk>	2018-02-02 08:52:58 +0000
committer	Matthew Somerville <matthew-github@dracos.co.uk>	2018-02-07 12:11:54 +0000
commit	b4b6679f6aac821ac31e541e0cc6f05549b130b5 (patch)
tree	9d5f1ab9ab3af93672c11b8cf8998f4cf0878631 /perllib/FixMyStreet/App/Controller/Alert.pm
parent	3ec1e871a1a04cd1f6ce051d1a6247acf2220ac2 (diff)