From 440c33c1c41dab2df8786ce43141ff12c59eb6ac Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Tue, 5 Nov 2019 13:48:00 +0000
Subject: Allow cobrands to skip 2FA requirement.

---
 perllib/FixMyStreet/App/Controller/Auth.pm | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')

diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 6badbf518..cecfa318c 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -277,10 +277,13 @@ sub process_login : Private {
         if FixMyStreet->config('SIGNUPS_DISABLED') && !$user->in_storage && !$data->{old_user_id};
 
     # People using 2FA need to supply a code
-    if ($user->has_2fa) {
-        $c->forward( 'token_2fa', [ $user, $url_token ] );
-    } elsif ($c->cobrand->call_hook('must_have_2fa', $user)) {
-        $c->forward( 'signup_2fa', [ $user ] );
+    my $must_have_2fa = $c->cobrand->call_hook('must_have_2fa', $user) || '';
+    if ($must_have_2fa ne 'skip') {
+        if ($user->has_2fa) {
+            $c->forward( 'token_2fa', [ $user, $url_token ] );
+        } elsif ($c->cobrand->call_hook('must_have_2fa', $user)) {
+            $c->forward( 'signup_2fa', [ $user ] );
+        }
     }
 
     if ($data->{old_user_id}) {
-- 
cgit v1.2.3