diff options
Diffstat (limited to 'perllib')
-rw-r--r-- | perllib/Catalyst/Authentication/Credential/2FA.pm | 4 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 11 |
2 files changed, 10 insertions, 5 deletions
diff --git a/perllib/Catalyst/Authentication/Credential/2FA.pm b/perllib/Catalyst/Authentication/Credential/2FA.pm index 3f59ada06..f77f56bea 100644 --- a/perllib/Catalyst/Authentication/Credential/2FA.pm +++ b/perllib/Catalyst/Authentication/Credential/2FA.pm @@ -23,7 +23,9 @@ sub authenticate { if (ref($user_obj)) { # We don't care unless user has a 2FA secret, or the cobrand mandates it - return $user_obj unless $user_obj->has_2fa || $c->cobrand->call_hook('must_have_2fa', $user_obj); + # We also don't care if the cobrand says we don't + my $must_have_2fa = $c->cobrand->call_hook('must_have_2fa', $user_obj) || ''; + return $user_obj if $must_have_2fa eq 'skip' || !($user_obj->has_2fa || $must_have_2fa); $c->stash->{token} = $c->get_param('token'); diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm index 6badbf518..cecfa318c 100644 --- a/perllib/FixMyStreet/App/Controller/Auth.pm +++ b/perllib/FixMyStreet/App/Controller/Auth.pm @@ -277,10 +277,13 @@ sub process_login : Private { if FixMyStreet->config('SIGNUPS_DISABLED') && !$user->in_storage && !$data->{old_user_id}; # People using 2FA need to supply a code - if ($user->has_2fa) { - $c->forward( 'token_2fa', [ $user, $url_token ] ); - } elsif ($c->cobrand->call_hook('must_have_2fa', $user)) { - $c->forward( 'signup_2fa', [ $user ] ); + my $must_have_2fa = $c->cobrand->call_hook('must_have_2fa', $user) || ''; + if ($must_have_2fa ne 'skip') { + if ($user->has_2fa) { + $c->forward( 'token_2fa', [ $user, $url_token ] ); + } elsif ($c->cobrand->call_hook('must_have_2fa', $user)) { + $c->forward( 'signup_2fa', [ $user ] ); + } } if ($data->{old_user_id}) { |