Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Fix #4841: force 2FA validation when it's required in site level.

Browse Source
This commit is contained in:
Ben
2024-11-23 13:04:27 +08:00
parent 601caab3b6
commit b5f75f0c5e
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Oqtane.Server/Managers/UserManager.cs
View File

@ -339,13 +339,15 @@ namespace Oqtane.Managers
user = _users.GetUser(user.Username);
if (!user.IsDeleted)
{
if (user.TwoFactorRequired)
var alias = _tenantManager.GetAlias();
var twoFactorSetting = _settings.GetSetting(EntityNames.Site, alias.SiteId, "LoginOptions:TwoFactor")?.SettingValue ?? "false";
var twoFactorRequired = twoFactorSetting == "required" || user.TwoFactorRequired;
if (twoFactorRequired)
{
var token = await _identityUserManager.GenerateTwoFactorTokenAsync(identityuser, "Email");
user.TwoFactorCode = token;
user.TwoFactorExpiry = DateTime.UtcNow.AddMinutes(10);
_users.UpdateUser(user);
var alias = _tenantManager.GetAlias();
string siteName = _sites.GetSite(alias.SiteId).Name;
string subject = _localizer["TwoFactorEmailSubject"];
subject = subject.Replace("[SiteName]", siteName);