Merge pull request #4948 from zyhfish/task/fix-4947

Fix #4947: check the 2FA settings.
2024-12-24 08:46:43 -05:00
parent 9bfaa02f97 af7b4db062
commit d19d7d2a43
1 changed files with 4 additions and 1 deletions
--- a/Oqtane.Server/Managers/UserManager.cs
+++ b/Oqtane.Server/Managers/UserManager.cs
@ -512,7 +512,10 @@ namespace Oqtane.Managers
            user = _users.GetUser(user.Username);
            if (user != null)
            {
-                if (user.TwoFactorRequired && user.TwoFactorCode == token && DateTime.UtcNow < user.TwoFactorExpiry)
+                var alias = _tenantManager.GetAlias();
+                var twoFactorSetting = _settings.GetSetting(EntityNames.Site, alias.SiteId, "LoginOptions:TwoFactor")?.SettingValue ?? "false";
+                var twoFactorRequired = twoFactorSetting == "required" || user.TwoFactorRequired;
+                if (twoFactorRequired && user.TwoFactorCode == token && DateTime.UtcNow < user.TwoFactorExpiry)
                {
                    user.IsAuthenticated = true;
                }