2 files changed, 15 insertions, 0 deletions

diff --git a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
index 5f5389e0d..f2551a16d 100644
--- a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
+++ b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
@@ -313,6 +313,7 @@ sub suppress_reporter_alerts {
 sub must_have_2fa {
     my ($self, $user) = @_;
     return 1 if $user->is_superuser;
+    return 1 if $user->from_body && $user->from_body->name eq 'TfL';
     return 0;
 }
 
diff --git a/perllib/FixMyStreet/Cobrand/TfL.pm b/perllib/FixMyStreet/Cobrand/TfL.pm
index f4e7fb14a..4543c1751 100644
--- a/perllib/FixMyStreet/Cobrand/TfL.pm
+++ b/perllib/FixMyStreet/Cobrand/TfL.pm
@@ -127,4 +127,18 @@ sub available_permissions {
     return $perms;
 }
 
+sub must_have_2fa {
+    my ($self, $user) = @_;
+
+    require Net::Subnet;
+    my $ips = $self->feature('internal_ips');
+    my $is_internal_network = Net::Subnet::subnet_matcher(@$ips);
+
+    my $ip = $self->{c}->req->address;
+    return 'skip' if $is_internal_network->($ip);
+    return 1 if $user->is_superuser;
+    return 1 if $user->from_body && $user->from_body->name eq 'TfL';
+    return 0;
+}
+
 1;